Unrated severityNVD Advisory· Published Nov 17, 2015· Updated Jun 17, 2026
CVE-2015-7997
CVE-2015-7997
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected products
7cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1:*:*:*:*:*:*:*
- cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*
cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1:*:*:*:*:*:*:*
- cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*
- (no CPE)range: < 10.1 Build 133.9, < 10.5 Build 58.11
- cpe:2.3:o:citrix:netscaler_service_delivery_appliance_service_vm:10.5e:*:*:*:*:*:*:*
- Range: < 10.1 Build 133.9, < 10.5 Build 58.11
Patches
Vulnerability mechanics
References
2- support.citrix.com/article/CTX202482nvdPatchVendor Advisory
- www.securitytracker.com/id/1034167nvd
News mentions
0No linked articles in our index yet.