Back to KEVs

CVE-2020-8191

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix...

Basic Information

CVE State: PUBLISHED
Reserved Date: January 28, 2020
Published Date: July 10, 2020
Last Updated: August 04, 2024
Vendor: Citrix
Product: ["ADC", "Gateway", "SDWAN WAN-OP"]
Description: Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).
Tags

CVSS Scores

CVSS v3.1

6.1 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2.0

4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Score

Score: 90.01% (Percentile: 99.55%) as of 2025-06-13

Exploit Status

Exploited in the Wild: Yes (2025-06-12 00:00:00 UTC) Source

References

https://support.citrix.com/article/CTX276688

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-06-13 12:00:19 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-8191.yaml	2025-04-26 00:00:00 UTC

Timeline

CVE ID Reserved

January 28, 2020
CVE Published to Public

July 10, 2020
Detected by Nuclei

April 26, 2025
Added to KEVIntel

June 13, 2025