Exploit for Citrix Gateway and Citrix ADC - Cross-Site Scripting (CVE-2023-24488)

Description:

Citrix ADC and Citrix Gateway 13.1 before 13.1-45.61, 13.0 before 13.0-90.11, and 12.1 before 12.1-65.35 contain a cross-site scripting vulnerability due to improper input validation.

Nuclei Template

View the template here: CVE-2023-24488.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-24488.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-24488
https://blog.assetnote.io/2023/06/29/citrix-xss-advisory/
https://twitter.com/infosec_au/status/1674786106381070342
https://twitter.com/bxmbn/status/1675250259608449026
https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488