cvelistv5 - cve-2023-6184

CVE-2023-6184 (GCVE-0-2023-6184)

Vulnerability from cvelistv5

Published

2024-01-18 01:04

Modified

2025-06-02 15:04

Severity ?

5.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N

CWE

CWE-913 - Improper Control of Dynamically-Managed Code Resources

Summary

Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting

References

►

URL

Tags

	secure@citrix.com	https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184	Vendor Advisory

Impacted products

	Vendor	Product	Version
	Cloud Software Group	Citrix Session Recording	Version: 2311 Current Release Version: 1912 LTSR Version: 2203 LTSR

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:21:17.772Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6184",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T15:53:46.961310Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-02T15:04:27.473Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Citrix Session Recording",
          "vendor": "Cloud Software Group",
          "versions": [
            {
              "lessThan": "0",
              "status": "affected",
              "version": "2311 Current Release",
              "versionType": "patch"
            },
            {
              "lessThan": "CU8 hotfix 19.12.8100.4",
              "status": "affected",
              "version": "1912 LTSR ",
              "versionType": "patch"
            },
            {
              "lessThan": "CU4",
              "status": "affected",
              "version": "2203 LTSR",
              "versionType": "patch"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting"
            }
          ],
          "value": "Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-913",
              "description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-18T01:04:15.120Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2023-6184",
    "datePublished": "2024-01-18T01:04:15.120Z",
    "dateReserved": "2023-11-16T21:18:24.367Z",
    "dateUpdated": "2025-06-02T15:04:27.473Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-6184\",\"sourceIdentifier\":\"secure@citrix.com\",\"published\":\"2024-01-18T01:15:43.723\",\"lastModified\":\"2024-11-21T08:43:18.513\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Cross Site Scripting en Citrix Session Recording permite al atacante realizar Cross Site Scripting\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@citrix.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N\",\"baseScore\":5.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.7,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secure@citrix.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-913\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:-:*:*:*\",\"versionEndIncluding\":\"2311\",\"matchCriteriaId\":\"145B0427-AFE9-4C0E-AABB-A460F4D4A690\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:-:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"F9330183-B04B-46F1-9DA6-5EAF216DFCC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu1:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"A2486FD4-AF16-4F57-836A-42A2D11012C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu2:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"1BF66372-CFDC-42DD-87FA-480DC0565977\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DE66CEF-6D57-429A-9776-E5ED73827A8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu3:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"AE1E7523-EEB7-46CE-A01E-04FACB407395\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu4:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"0B60552E-923B-4064-96D9-0F565C58695C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu5:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"21EC9092-FCA9-41AA-9A9B-83D7E3DABB2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu6:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"5353646C-E3FB-4315-83C7-D6EEE258C964\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu7:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"0A7169FA-E416-436B-B9D1-6249E0E1BC16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:-:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"8AE1E7FC-9E2C-45BC-9F12-43149210D261\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu1:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"0AEBE958-3A73-4F9D-932E-62495408A609\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu2:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"BBD9FA8E-333E-4231-9F7D-08A604D065AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu3:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"9E928A6F-EEAF-4142-BA77-30845345C28D\"}]}]}],\"references\":[{\"url\":\"https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184\",\"source\":\"secure@citrix.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T08:21:17.772Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-6184\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-08T15:53:46.961310Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-08T15:53:48.997Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Cloud Software Group\", \"product\": \"Citrix Session Recording\", \"versions\": [{\"status\": \"affected\", \"version\": \"2311 Current Release\", \"lessThan\": \"0\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"1912 LTSR \", \"lessThan\": \"CU8 hotfix 19.12.8100.4\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"2203 LTSR\", \"lessThan\": \"CU4\", \"versionType\": \"patch\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-913\", \"description\": \"CWE-913 Improper Control of Dynamically-Managed Code Resources\"}]}], \"providerMetadata\": {\"orgId\": \"e437aed5-38e0-4fa3-a98b-cb73e7acaec6\", \"shortName\": \"Citrix\", \"dateUpdated\": \"2024-01-18T01:04:15.120Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-6184\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-02T15:04:27.473Z\", \"dateReserved\": \"2023-11-16T21:18:24.367Z\", \"assignerOrgId\": \"e437aed5-38e0-4fa3-a98b-cb73e7acaec6\", \"datePublished\": \"2024-01-18T01:04:15.120Z\", \"assignerShortName\": \"Citrix\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

gsd-2023-6184

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting

Aliases

CVE-2023-6184

Aliases

CVE-2023-6184

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-6184",
    "id": "GSD-2023-6184"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-6184"
      ],
      "details": "Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting",
      "id": "GSD-2023-6184",
      "modified": "2023-12-13T01:20:32.957980Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@citrix.com",
        "ID": "CVE-2023-6184",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Citrix Session Recording",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "2311 Current Release",
                          "version_value": "0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "1912 LTSR ",
                          "version_value": "CU8 hotfix 19.12.8100.4"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "2203 LTSR",
                          "version_value": "CU4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cloud Software Group"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-913",
                "lang": "eng",
                "value": "CWE-913 Improper Control of Dynamically-Managed Code Resources"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184",
            "refsource": "MISC",
            "url": "https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:-:*:*:*",
                    "matchCriteriaId": "145B0427-AFE9-4C0E-AABB-A460F4D4A690",
                    "versionEndIncluding": "2311",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:-:*:*:ltsr:*:*:*",
                    "matchCriteriaId": "F9330183-B04B-46F1-9DA6-5EAF216DFCC3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu1:*:*:ltsr:*:*:*",
                    "matchCriteriaId": "A2486FD4-AF16-4F57-836A-42A2D11012C8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu2:*:*:ltsr:*:*:*",
                    "matchCriteriaId": "1BF66372-CFDC-42DD-87FA-480DC0565977",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu3:*:*:*:*:*:*",
                    "matchCriteriaId": "3DE66CEF-6D57-429A-9776-E5ED73827A8F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu3:*:*:ltsr:*:*:*",
                    "matchCriteriaId": "AE1E7523-EEB7-46CE-A01E-04FACB407395",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu4:*:*:ltsr:*:*:*",
                    "matchCriteriaId": "0B60552E-923B-4064-96D9-0F565C58695C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu5:*:*:ltsr:*:*:*",
                    "matchCriteriaId": "21EC9092-FCA9-41AA-9A9B-83D7E3DABB2E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu6:*:*:ltsr:*:*:*",
                    "matchCriteriaId": "5353646C-E3FB-4315-83C7-D6EEE258C964",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu7:*:*:ltsr:*:*:*",
                    "matchCriteriaId": "0A7169FA-E416-436B-B9D1-6249E0E1BC16",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:-:*:*:ltsr:*:*:*",
                    "matchCriteriaId": "8AE1E7FC-9E2C-45BC-9F12-43149210D261",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu1:*:*:ltsr:*:*:*",
                    "matchCriteriaId": "0AEBE958-3A73-4F9D-932E-62495408A609",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu2:*:*:ltsr:*:*:*",
                    "matchCriteriaId": "BBD9FA8E-333E-4231-9F7D-08A604D065AF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu3:*:*:ltsr:*:*:*",
                    "matchCriteriaId": "9E928A6F-EEAF-4142-BA77-30845345C28D",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting"
          },
          {
            "lang": "es",
            "value": "Una vulnerabilidad de Cross Site Scripting en Citrix Session Recording permite al atacante realizar Cross Site Scripting"
          }
        ],
        "id": "CVE-2023-6184",
        "lastModified": "2024-01-24T17:41:06.617",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.2,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 0.7,
              "impactScore": 4.2,
              "source": "secure@citrix.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-01-18T01:15:43.723",
        "references": [
          {
            "source": "secure@citrix.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184"
          }
        ],
        "sourceIdentifier": "secure@citrix.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-79"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-913"
              }
            ],
            "source": "secure@citrix.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

ghsa-28qj-gvxv-p5g9

Vulnerability from github

Published

2024-01-18 03:30

Modified

2024-01-18 03:30

Severity ?

5.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N

Details

Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-6184"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79",
      "CWE-913"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-18T01:15:43Z",
    "severity": "MODERATE"
  },
  "details": "Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting",
  "id": "GHSA-28qj-gvxv-p5g9",
  "modified": "2024-01-18T03:30:24Z",
  "published": "2024-01-18T03:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6184"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2023-6184

Vulnerability from fkie_nvd

Published

2024-01-18 01:15

Modified

2024-11-21 08:43

Severity ?

5.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting

References

▶	URL	Tags
	secure@citrix.com	https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184	Vendor Advisory

Impacted products

Vendor	Product	Version
citrix	virtual_apps_and_desktops	*
citrix	virtual_apps_and_desktops	1912
citrix	virtual_apps_and_desktops	1912
citrix	virtual_apps_and_desktops	1912
citrix	virtual_apps_and_desktops	1912
citrix	virtual_apps_and_desktops	1912
citrix	virtual_apps_and_desktops	1912
citrix	virtual_apps_and_desktops	1912
citrix	virtual_apps_and_desktops	1912
citrix	virtual_apps_and_desktops	1912
citrix	virtual_apps_and_desktops	2203
citrix	virtual_apps_and_desktops	2203
citrix	virtual_apps_and_desktops	2203
citrix	virtual_apps_and_desktops	2203

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "145B0427-AFE9-4C0E-AABB-A460F4D4A690",
              "versionEndIncluding": "2311",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:-:*:*:ltsr:*:*:*",
              "matchCriteriaId": "F9330183-B04B-46F1-9DA6-5EAF216DFCC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu1:*:*:ltsr:*:*:*",
              "matchCriteriaId": "A2486FD4-AF16-4F57-836A-42A2D11012C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu2:*:*:ltsr:*:*:*",
              "matchCriteriaId": "1BF66372-CFDC-42DD-87FA-480DC0565977",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu3:*:*:*:*:*:*",
              "matchCriteriaId": "3DE66CEF-6D57-429A-9776-E5ED73827A8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu3:*:*:ltsr:*:*:*",
              "matchCriteriaId": "AE1E7523-EEB7-46CE-A01E-04FACB407395",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu4:*:*:ltsr:*:*:*",
              "matchCriteriaId": "0B60552E-923B-4064-96D9-0F565C58695C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu5:*:*:ltsr:*:*:*",
              "matchCriteriaId": "21EC9092-FCA9-41AA-9A9B-83D7E3DABB2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu6:*:*:ltsr:*:*:*",
              "matchCriteriaId": "5353646C-E3FB-4315-83C7-D6EEE258C964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu7:*:*:ltsr:*:*:*",
              "matchCriteriaId": "0A7169FA-E416-436B-B9D1-6249E0E1BC16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:-:*:*:ltsr:*:*:*",
              "matchCriteriaId": "8AE1E7FC-9E2C-45BC-9F12-43149210D261",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu1:*:*:ltsr:*:*:*",
              "matchCriteriaId": "0AEBE958-3A73-4F9D-932E-62495408A609",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu2:*:*:ltsr:*:*:*",
              "matchCriteriaId": "BBD9FA8E-333E-4231-9F7D-08A604D065AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu3:*:*:ltsr:*:*:*",
              "matchCriteriaId": "9E928A6F-EEAF-4142-BA77-30845345C28D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting"
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Cross Site Scripting en Citrix Session Recording permite al atacante realizar Cross Site Scripting"
    }
  ],
  "id": "CVE-2023-6184",
  "lastModified": "2024-11-21T08:43:18.513",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 4.2,
        "source": "secure@citrix.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-18T01:15:43.723",
  "references": [
    {
      "source": "secure@citrix.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184"
    }
  ],
  "sourceIdentifier": "secure@citrix.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-913"
        }
      ],
      "source": "secure@citrix.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

wid-sec-w-2024-0129

Vulnerability from csaf_certbund

Published

2024-01-16 23:00

Modified

2024-01-16 23:00

Summary

Citrix Systems Virtual Apps and Desktops: Schwachstelle ermöglicht Codeausführung

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Citrix Virtual Apps and Desktops ist eine Lösung zur Anwendungsvirtualisierung.

Angriff

Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Citrix Systems Virtual Apps and Desktops ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- UNIX - Linux - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Citrix Virtual Apps and Desktops ist eine L\u00f6sung zur Anwendungsvirtualisierung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Citrix Systems Virtual Apps and Desktops ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0129 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0129.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0129 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0129"
      },
      {
        "category": "external",
        "summary": "Citrix Security Bulletin vom 2024-01-16",
        "url": "https://support.citrix.com/article/CTX583930"
      }
    ],
    "source_lang": "en-US",
    "title": "Citrix Systems Virtual Apps and Desktops: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2024-01-16T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:03:52.564+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0129",
      "initial_release_date": "2024-01-16T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-01-16T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Citrix Systems Virtual Apps and Desktops \u003c 2311",
                "product": {
                  "name": "Citrix Systems Virtual Apps and Desktops \u003c 2311",
                  "product_id": "T032187",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:citrix:virtual_apps_and_desktops:2311"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems Virtual Apps and Desktops \u003c 1912 LTSR CU8 hotfix 19.12.8100.4",
                "product": {
                  "name": "Citrix Systems Virtual Apps and Desktops \u003c 1912 LTSR CU8 hotfix 19.12.8100.4",
                  "product_id": "T032188",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:citrix:virtual_apps_and_desktops:1912_ltsr_cu8_hotfix_19.12.8100.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems Virtual Apps and Desktops \u003c 2203 LTSR CU4",
                "product": {
                  "name": "Citrix Systems Virtual Apps and Desktops \u003c 2203 LTSR CU4",
                  "product_id": "T032189",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:citrix:virtual_apps_and_desktops:2203_ltsr_cu4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Virtual Apps and Desktops"
          }
        ],
        "category": "vendor",
        "name": "Citrix Systems"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-6184",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Citrix Systems Virtual Apps and Desktops. Die Ursache wird nicht im Detail beschrieben. Ein entfernter, authentisierter Angreifer, welcher \u00fcber erweiterte Privilegien verf\u00fcgt kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren."
        }
      ],
      "release_date": "2024-01-16T23:00:00.000+00:00",
      "title": "CVE-2023-6184"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-6184 (GCVE-0-2023-6184)

Vulnerability from cvelistv5

gsd-2023-6184

Vulnerability from gsd

ghsa-28qj-gvxv-p5g9

Vulnerability from github

fkie_cve-2023-6184

Vulnerability from fkie_nvd

wid-sec-w-2024-0129

Vulnerability from csaf_certbund

Tags

Sightings

Nomenclature