CVE-2020-8245
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
18/09/2020
Last modified:
07/10/2020
Description
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:* | 11.1 (including) | 11.1-65.12 (excluding) |
| cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:* | 12.1 (including) | 12.1-58.15 (excluding) |
| cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:* | 13.0 (including) | 13.0-64.35 (excluding) |
| cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:* | 11.1 (including) | 11.1-65.12 (excluding) |
| cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:* | 13.0 (including) | 13.0-64.35 (excluding) |
| cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* | 12.1 (including) | 12.1-58.15 (excluding) |
To consult the complete list of CPE names with products and versions, see this page