Citrix NetScaler Gateway cross-site scripting (CVE-2016-4945)
Release date:
Updated on:
Affected Systems:
Citrix NetScaler Gateway <11.0 Build 66.11
Description:
CVE (CAN) ID: CVE-2016-4945
Citrix Access Gateway is a common SSL VPN device.
Citrix NetScaler Gateway versions earlier than 11.0 Build 66.11 contain a cross-site scripting vulnerability in vpn/js/gateway_login_form_view.js. Remote attackers can inject arbitrary web script or HTML via the NSC_TMAC cookie.
<* Source: Daniel Schliebner *>
Suggestion:
Vendor patch:
Citrix
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://support.citrix.com/article/CTX213313
https://www.citrix.com/downloads/netscaler-gateway.html?_ga=1.170940128.1591262501.1464832490