The Nitro API in Citrix NetScaler prior to 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.
Vulnerable Product |
---|
Citrix NetScaler 10.5 |