Exploit for Citrix StoreFront - Cross-Site Scripting (CVE-2023-5914)

Description:

A reflected cross-site scripting (XSS) issue that is exploitable without authentication. The vulnerability was exploitable by coercing an error message during an XML parsing procedure in the SSO flow.

Nuclei Template

View the template here: CVE-2023-5914.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-5914.yaml

References:

https://support.citrix.com/article/CTX583759/citrix-storefront-security-bulletin-for-cve20235914
https://www.assetnote.io/resources/research/continuing-the-citrix-saga-cve-2023-5914-cve-2023-6184
https://nvd.nist.gov/vuln/detail/CVE-2023-5914
https://www.youtube.com/watch?v=t8MeUQrPqec