Description
Citrix Gateway is vulnerable to open redirect and cross-site scripting (XSS). The value of the post_logout_redirect_uri query parameter is not properly sanitized before it is placed into the HTTP Location header. An attacker can craft a link that either redirects the victim to an arbitrary location or, by prematurely terminating the HTTP headers, injects an XSS payload into the response body.
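To illustrate the two checks the description says are missing (an allow-list on the redirect target and rejection of header-terminating characters), here is an added example; it is not Citrix's code or fix. The gateway hostname, the /logout path and the log lines are constructed, and the functions are hypothetical.

```python
# Added example (not Citrix's code): allow-list validation of a post-logout
# redirect parameter, plus a check over access-log lines for values that
# such validation would reject. Hostnames, path and log lines are constructed.
import re
from urllib.parse import unquote, urlsplit

ALLOWED_HOSTS = {"gateway.example.com"}      # assumed: the gateway's own host(s)
PARAM = re.compile(r"post_logout_redirect_uri=([^&\s\"]*)")

def validate_post_logout_redirect(value, allowed_hosts=ALLOWED_HOSTS):
    """Return value unchanged if it is safe to echo into a Location header, else None."""
    if not value:
        return None
    decoded = unquote(value)
    for s in (value, decoded):
        # CR/LF (or any control character) would end the header line early
        if any(ord(c) < 0x20 or c == "\x7f" for c in s):
            return None
    if "\\" in decoded:                      # some clients treat '\' as '/'
        return None
    try:
        parts = urlsplit(decoded)
    except ValueError:                       # e.g. malformed IPv6 literal
        return None
    if parts.scheme.lower() not in ("http", "https"):   # also rejects '//host/...'
        return None
    if parts.username or parts.password:     # 'https://trusted@other-host/' form
        return None
    if (parts.hostname or "").lower() not in allowed_hosts:
        return None
    return value

def flag_log_line(line, allowed_hosts=ALLOWED_HOSTS):
    """None if the line has no parameter or a safe one; else 'header-injection' or 'off-site'."""
    m = PARAM.search(line)
    if not m:
        return None
    raw = m.group(1)
    if validate_post_logout_redirect(raw, allowed_hosts) is not None:
        return None
    return "header-injection" if re.search(r"[\r\n]", unquote(raw)) else "off-site"

SAMPLE_LOG = [  # constructed access-log lines
    '203.0.113.5 "GET /logout?post_logout_redirect_uri=https%3A%2F%2Fgateway.example.com%2F HTTP/1.1" 302',
    '203.0.113.6 "GET /logout?post_logout_redirect_uri=https%3A%2F%2Fexternal.example.org%2F HTTP/1.1" 302',
    '203.0.113.7 "GET /logout?post_logout_redirect_uri=https%3A%2F%2Fgateway.example.com%2F%0d%0a HTTP/1.1" 302',
    '203.0.113.8 "GET /logout?post_logout_redirect_uri=%2F%2Fexternal.example.org%2F HTTP/1.1" 302',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(flag_log_line(entry), entry)
```

Only the first log line passes; the others are flagged as off-site redirects or as carrying a decoded CR/LF.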
Remediation
Users are advised to update Citrix ADC and Citrix Gateway to the latest version. The following versions are known to be affected: Citrix ADC and Citrix Gateway 13.1 before 13.1-45.61; Citrix ADC and Citrix Gateway 13.0 before 13.0-90.11; Citrix ADC and Citrix Gateway 12.1 before 12.1-65.35; Citrix ADC 12.1-FIPS before 12.1-55.296; and Citrix ADC 12.1-NDcPP before 12.1-55.296. Refer to Citrix's official advisory for further information and support.
References
Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-24487, CVE-2023-24488
Advisory: Citrix Gateway Open Redirect and XSS (CVE-2023-24488)