KEVIntel
Back to KEVs
6.1
CVSS
Medium

CVE-2023-24488

PUBLISHED

Cross site scripting

Exploited in the wild PoC available Remote Low complexity
Vendor
Citrix
Product
Citrix ADC and Citrix Gateway 
Published
Jul 10, 2023
EPSS

Description

Cross site scripting vulnerability in Citrix ADC and Citrix Gateway  in allows and attacker to perform cross site scripting

nuclei_scanner

CVSS scores

CVSS v3.1 6.1 Medium

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitation status

Exploited in the wild

Recorded 2025-04-22 00:00:00 UTC · Source

Proof of concept available

Recorded 2023-07-04 18:02:50 UTC · Source

SSVC decision points

Exploitation
none
Automatable
No
Technical impact
partial

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
The Shadowserver (via CIRCL) Apr 28, 2025

Scanner integrations

Scanner Reference Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-24488.yaml Apr 25, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

raytheon0x21/CVE-2023-24488

github · Created 2023-07-31 11:29:16 UTC · 0 stars

Tools to perform exploit CVE-2023-24488

securitycipher/CVE-2023-24488

github · Created 2023-07-04 18:02:50 UTC · 13 stars

POC for CVE-2023-24488

SirBugs/CVE-2023-24488-PoC

github · Created 2023-07-01 17:47:17 UTC · 9 stars

CVE-2023-24488 PoC

Timeline

  • CVE ID Reserved

  • Proof of Concept Exploit Available

  • CVE Published to Public

  • Detected by Nuclei

  • Added to KEVIntel