CVE-2023-6184: XSS in Citrix Session Recording
CVE-2023-6184 Published on January 18, 2024
Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting
Vulnerability Analysis
CVE-2023-6184 is exploitable with network access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity, and no impact on availability.
Weakness Type
Improper Control of Dynamically-Managed Code Resources
The software does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements. Many languages offer powerful features that allow the programmer to dynamically create or modify existing code, or resources used by code such as variables and objects. While these features can offer significant flexibility and reduce development time, they can be extremely dangerous if attackers can directly influence these code resources in unexpected ways.
Products Associated with CVE-2023-6184
Want to know whenever a new CVE is published for Citrix Virtual Apps And Desktops? stack.watch will email you.
Affected Versions
Cloud Software Group Citrix Session Recording:- Version 2311 Current Release and below 0 is affected.
- Version 1912 LTSR and below CU8 hotfix 19.12.8100.4 is affected.
- Version 2203 LTSR and below CU4 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.