Han Sahin, August 2014
It was discovered that the help pages of Citrix VPX are vulnerable to
Cross-Site Scripting. This issue allows attackers to perform a wide
variety of actions, such as stealing the victim's session token or login
credentials, performing arbitrary actions on the victim's behalf, and
logging their keystrokes.
This issue was discovered in Citrix NetScaler VPX NSVPX-ESX-10.5-50.10,
other versions may also be vulnerable.
Citrix reports that this vulnerability is fixed in NetScaler 10.5 build
52.8nc.