Citrix NetScaler ADC/Gateway XSS (CVE-2025-12101)
Severity:
Medium
Summary
Citrix NetScaler ADC and NetScaler Gateway contain a reflected cross-site scripting vulnerability when the appliance is configured as a Gateway or AAA virtual server. The vulnerability exists in the SAML response handling mechanism, allowing an attacker to inject malicious JavaScript code through specially crafted RelayState parameters.
Impact
An attacker exploiting this vulnerability can craft malicious links that when clicked, can redirect the victim to a malicious site or execute malicious JavaScript code within the victim's browser. This leads to potential theft of sensitive information, session hijacking, defacement of websites, or other unwanted actions conducted on behalf of the user.
Remediation
Upgrade to the latest version of Citrix NetScaler ADC and Gateway
Required Skills for Successful Exploitation
Actions To Take
Classifications
Vulnerability Index
You can search and find all vulnerabilities
Select Category
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Related Vulnerabilities
Featured resources
Build your resistance to threats. And save hundreds of hours each month.
