Skip to main content

Xenmobile Server CVE-2018-10649

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2018-05-23 cve@mitre.org
6.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
May 23, 2018 - 17:29 nvd
MEDIUM 6.1

DescriptionNVD

There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3.

AnalysisAI

There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3. Affected products include: Citrix Xenmobile Server.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2018-10653 CRITICAL POC
9.8 May 23

There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 befor

CVE-2018-18013 HIGH POC
7.8 Oct 24

* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated i

CVE-2020-8209 HIGH POC
7.5 Aug 17

Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix Xe

CVE-2020-8212 CRITICAL
9.8 Aug 17

Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix Xe

CVE-2020-8211 CRITICAL
9.8 Aug 17

Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix

CVE-2018-10648 CRITICAL
9.8 May 23

There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Ra

CVE-2018-18014 MEDIUM POC
4.8 Oct 24

* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands

CVE-2018-10654 HIGH
8.1 May 23

There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 befo

CVE-2018-10650 HIGH
7.8 May 23

There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. R

CVE-2017-9231 HIGH
7.5 Jun 16

XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obta

CVE-2020-8253 HIGH
7.5 Sep 18

Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix Xe

CVE-2020-8210 HIGH
7.5 Aug 17

Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6

Share

CVE-2018-10649 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy