A remote attacker may trick an authenticated user into making a request to another web application on the same host. This may be exploited due to the lack of input validation or by sending malicious script code.

CVE-2016-8714 Citrix XenApp and XenDesktop Service components, versions 6.5 and earlier, 6.1 and earlier, 5.5 and earlier, and 5.0 and earlier have a cross-site scripting vulnerability. An attacker may send malicious script code that may be executed in the context of another user.

CVE-2016-8712 Citrix Receiver for Windows and Mac OS X, versions 4.1.18 and earlier, 4.1.10 and earlier, and 3.10 and earlier allow remote attackers to execute arbitrary code or cause denial of service (memory corruption) via a crafted HTML email message.

CVE-2016-8711 Citrix GoToMeeting and other components, versions 1.0.10 and earlier, 1.0.6 and earlier, 1.0.4 and earlier, and unspecified prior to 1.0.6 allow remote attackers to execute arbitrary code via a crafted HTML email message.
Of note, this issue was discovered by WenXiang Nao of the Cisco Vulnerability Research Team.

CVE-2016-8710 Citrix XenApp and XenDesktop components, versions 6.5 and earlier, 6.1 and earlier, 5.5 and earlier, and 5.0

Microsoft Office Web Apps Remote Code Execution Vulnerability

A remote attacker may trick an authenticated user into making a request to another web application on the same host. This may be exploited due to the lack of input validation or by sending malicious script code.

Timeline

Published on: 04/13/2022 18:15:00 UTC
Last modified on: 04/21/2022 02:32:00 UTC

References