CVE-2023-6184

Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184	Vendor Advisory
https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:citrix:virtual_apps_and_desktops:::::-:::*
	cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:-:::ltsr:::*
	cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu1:::ltsr:::*
	cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu2:::ltsr:::*
	cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu3::::::
	cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu3:::ltsr:::*
	cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu4:::ltsr:::*
	cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu5:::ltsr:::*
	cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu6:::ltsr:::*
	cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu7:::ltsr:::*
	cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:-:::ltsr:::*
	cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu1:::ltsr:::*
	cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu2:::ltsr:::*
	cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu3:::ltsr:::*

History

21 Nov 2024, 08:43

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.2~~	v2 : unknown v3 : 5.0
References	~~() https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184 - Vendor Advisory~~	() https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184 - Vendor Advisory

24 Jan 2024, 17:41

Type	Values Removed	Values Added
CWE		CWE-79
CPE		cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu1:::ltsr:::* cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu6:::ltsr:::* cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu1:::ltsr:::* cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu3:::::: cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu5:::ltsr:::* cpe:2.3:a:citrix:virtual_apps_and_desktops:::::-:::* cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:-:::ltsr:::* cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu3:::ltsr:::* cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:-:::ltsr:::* cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu2:::ltsr:::* cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu4:::ltsr:::* cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu3:::ltsr:::* cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu7:::ltsr:::* cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu2:::ltsr:::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.2
First Time		Citrix virtual Apps And Desktops Citrix
References	~~() https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184 -~~	() https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184 - Vendor Advisory

18 Jan 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-18 01:15

Updated : 2024-11-21 08:43

NVD link : CVE-2023-6184

Mitre link : CVE-2023-6184

CVE.ORG link : CVE-2023-6184

JSON object : View

Products Affected

citrix

virtual_apps_and_desktops

CWE

CWE-913

Improper Control of Dynamically-Managed Code Resources

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

5.0 /10