CVE-2023-5914

Cross-site scripting (XSS)

Basic Information

CVE State: PUBLISHED
Reserved Date: November 01, 2023
Published Date: January 17, 2024
Last Updated: June 17, 2025
Vendor: Cloud Software Group
Product: Citrix StoreFront
Description: Cross-site scripting (XSS)
Tags

CVSS Scores

CVSS v3.1

5.4 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

SSVC Information

Exploitation: none
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2025-12-26 00:00:00 UTC) Source

References

https://support.citrix.com/article/CTX583759/citrix-storefront-security-bulletin-for-cve20235914

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-12-26 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-5914.yaml	2025-04-25 00:00:00 UTC

Timeline

CVE ID Reserved

November 01, 2023
CVE Published to Public

January 17, 2024
Detected by Nuclei

April 25, 2025
Added to KEVIntel

December 26, 2025