A Cross-Site Scripting (XSS) vulnerability has been identified in Citrix NetScaler Gateway (formerly known as Citrix Access Gateway Enterprise Edition) and Citrix ADC (formerly known as NetScaler ADC). If exploited by an attacker with access to the NetScaler administrative user interface, including the management interface, it could potentially be used to execute malicious client-side script in the same context as legitimate content from the web server. If this vulnerability is used to execute script in the browser of an authenticated user, the script may be able to gain access to the authenticated user’s session or other potentially sensitive information.
This vulnerability has been assigned the following CVE number:
• CVE-2018-18517: Cross-Site Scripting vulnerability in Citrix NetScaler Gateway
This vulnerability is present in the following versions of Citrix NetScaler Gateway and Citrix ADC:
• 10.5.x earlier than version 10.5.69.3
• 11.1.x earlier than version 22.214.171.124
• 12.0.x earlier than version 126.96.36.199
• 12.1.x earlier than version 188.8.131.52