Petr Juhanak of Accenture, Dylan Pindur of Assetnote, and Wisdomtree of Ant Group Digital Financial Security Team have discovered two vulnerabilities in Citrix ADC and Citrix Gateway. CVE-2023-24487 may allow attackers to read arbitrary files. CVE-2023-24488 is a cross-site scripting vulnerability that may allow an attacker to execute JavaScript in the victim’s browser. Citrix ADC … Continue reading “Citrix ADC and Citrix Gateway Arbitrary File Read and Cross-Site Scripting Vulnerabilities (CVE-2023-24487 & CVE-2023-24488)”