Citrix StoreFront Security Bulletin for CVE-2022-27503

Citrix bulletin ID: CTX377814
Published: April 11, 2022, 09:00 (support.citrix.com)

CVSS v2 base score: 2.6 (Low), vector AV:N/AC:H/Au:N/C:N/I:P/A:N
  Attack Vector: Network; Attack Complexity: High; Authentication: None;
  Confidentiality Impact: None; Integrity Impact: Partial; Availability Impact: None

CVSS v3.1 base score: 6.1 (Medium), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: Required;
  Scope: Changed; Confidentiality Impact: Low; Integrity Impact: Low; Availability Impact: None

EPSS score: 0.001 (Low), percentile 31.3%

A reflected cross-site scripting (XSS) issue has been discovered in Citrix StoreFront when it is configured to use SAML authentication. If exploited, this issue would allow an attacker to execute client-side JavaScript in the same context as a legitimate user. This issue has the following identifier:

CVE-ID: CVE-2022-27503
Description: Reflected Cross Site Scripting (XSS)
Type: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Pre-requisites: A victim user must have a current session on a StoreFront that has been configured to use SAML authentication

The issue affects the following supported versions of Citrix StoreFront:

  • Citrix StoreFront 1912 LTSR up to and including CU4 (1912.0.4000)
  • Citrix StoreFront 3.12 for 7.15 LTSR up to and including CU8 (3.12.8000)

Affected versions of Citrix StoreFront are included within the following supported versions of Citrix Virtual Apps and Desktops:

  • Current Release (CR) versions of Citrix Virtual Apps and Desktops up to and including 2112
  • Citrix Virtual Apps and Desktops 1912 LTSR up to and including CU4
  • Citrix XenApp & XenDesktop 7.15 LTSR up to and including CU8
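The two affected ranges above are both "up to and including" a specific cumulative-update build, so a quick way to triage an estate is to compare each StoreFront build string against those ceilings. The following checker is an added example, not Citrix's or Vulners' code: the ceiling builds (1912.0.4000 and 3.12.8000) are taken from the bulletin, while the assumption that build strings come in the same dotted numeric form the bulletin uses, and the branch prefixes used to route a version to its ceiling, are the example's own. Branches the bulletin does not mention are reported as unknown rather than as safe.

```python
"""Triage Citrix StoreFront build strings against the ranges in CTX377814.

Added example (not Citrix code). Ceilings come from the bulletin; the
dotted-numeric version format and the branch prefixes are assumptions.
"""
from __future__ import annotations
from typing import Optional

# Highest affected build per branch, exactly as listed in the bulletin.
AFFECTED_CEILINGS: dict[tuple[int, ...], tuple[int, ...]] = {
    (1912,): (1912, 0, 4000),  # StoreFront 1912 LTSR up to and including CU4
    (3, 12): (3, 12, 8000),    # StoreFront 3.12 for 7.15 LTSR up to and including CU8
}


def parse_version(text: str) -> tuple[int, ...]:
    """'1912.0.4000' -> (1912, 0, 4000); rejects anything that is not dotted digits."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def branch_of(version: tuple[int, ...]) -> Optional[tuple[int, ...]]:
    """Return the branch prefix a version belongs to, or None if the bulletin does not cover it."""
    for prefix in AFFECTED_CEILINGS:
        if version[: len(prefix)] == prefix:
            return prefix
    return None


def is_affected(text: str) -> Optional[bool]:
    """Tri-state result for one build string.

    True  -> on a listed branch and at or below the affected ceiling
    False -> on a listed branch but newer than the ceiling
    None  -> branch not mentioned in this bulletin (check Citrix's current guidance)
    """
    version = parse_version(text)
    branch = branch_of(version)
    if branch is None:
        return None
    ceiling = AFFECTED_CEILINGS[branch]
    # Pad short strings so '1912.0' compares as (1912, 0, 0). Tuple comparison
    # is lexicographic, so a longer build such as 3.12.8000.1 sorts after
    # 3.12.8000 and is treated as newer than the ceiling.
    padded = version + (0,) * (len(ceiling) - len(version))
    return padded <= ceiling


def triage(builds: dict[str, str]) -> dict[str, str]:
    """Map host -> 'affected' / 'not affected' / 'unknown branch' for an inventory."""
    labels = {True: "affected", False: "not affected", None: "unknown branch"}
    return {host: labels[is_affected(build)] for host, build in builds.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "sf-lab-01": "1912.0.4000",
        "sf-lab-02": "1912.0.5000",
        "sf-old-01": "3.12.8000",
        "sf-new-01": "2203.0.0",
    }
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```

Treat an "unknown branch" verdict as a prompt to consult the current Citrix bulletin, not as a clean bill of health; the bulletin lists only the supported LTSR branches it assessed.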

Affected configurations (as recorded by Vulners)

  Node: citrix storefront_server, range 3.12
  CPE: the hotfix for citrix storefront, operator le (less than or equal), version 3.12
