Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Citrix Systems NetScaler Nitro API 跨站脚本漏洞
Vulnerability Description
Citrix Systems NetScaler是美国思杰系统(Citrix Systems)公司的一款多功能Web应用交付控制器,它可用于优化、保护并控制所有企业和云服务的交付。 Citrix Systems NetScaler 10.5版本的Nitro API中存在安全漏洞,该漏洞源于程序返回不正确的Content-Type HTTP响应头。远程攻击者可借助params/xen_hotfix/0 URI中的‘file_name’参数利用该漏洞实施跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A