CVE-2023-6184

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-6184
Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:-:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:-:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu1:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu2:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu3:*:*:*:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu3:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu4:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu5:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu6:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu7:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:-:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu1:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu2:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu3:*:*:ltsr:*:*:*
History

24 Jan 2024, 17:41

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.2
References () https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184 - () https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184 - Vendor Advisory
CWE CWE-79
CPE cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu4:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu3:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu1:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu7:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:-:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu1:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu2:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu6:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:-:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu2:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu3:*:*:*:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu3:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:-:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu5:*:*:ltsr:*:*:*

18 Jan 2024, 13:42

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-18 01:15

Updated : 2024-02-05 00:22

NVD link : CVE-2023-6184

Mitre link : CVE-2023-6184

CVE.ORG link : CVE-2023-6184

JSON object : View

Products Affected

citrix

  • virtual_apps_and_desktops
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-913

Improper Control of Dynamically-Managed Code Resources