CVE-2022-27503 StoreFront XSS vulnerability in Citrix v1912 and 3.12 before CU9

CVE-2022-27503 StoreFront XSS vulnerability in Citrix v1912 and 3.12 before CU9

A remote attacker may trick an authenticated user to make a request to another web application on the same host. This may be exploit due to the lack of input validation or by sending malicious script code.

CVE-2016-8714 Citrix XenApp and XenDesktop Service components, versions 6.5 and earlier, 6.1 and earlier, 5.5 and earlier, and 5.0 and earlier have a cross-site scripting vulnerability. An attacker may send malicious script code that may be executed in the context of another user.

CVE-2016-8712 Citrix Receiver for Windows and Mac OS X, versions 4.1.18 and earlier, 4.1.10 and earlier, and 3.10 and earlier allow remote attackers to execute arbitrary code or cause denial of service (memory corruption) via a crafted HTML email message.

CVE-2016-8711 Citrix GoToMeeting and other components, versions 1.0.10 and earlier, 1.0.6 and earlier, 1.0.4 and earlier, and unspecified prior to 1.0.6 allow remote attackers to execute arbitrary code via a crafted HTML email message.
Of note, this issue was discovered by WenXiang Nao of the Cisco Vulnerability Research Team.

CVE-2016-8710 Citrix XenApp and XenDesktop components, versions 6.5 and earlier, 6.1 and earlier, 5.5 and earlier, and 5.0

Microsoft Office Web Apps Remote Code Execution Vulnerability

A remote attacker may trick an authenticated user to make a request to another web application on the same host. This may be exploit due to the lack of input validation or by sending malicious script code.

CVE-2016-8711 Citrix GoToMeeting and other components, versions 1.0.10 and earlier, 1.0.6 and earlier, 1.0.4 and earlier, and unspecified prior to 1.0.6 allow remote attackers to execute arbitrary code via a crafted HTML email message.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe