Citrix StoreFront Security Bulletin for CVE-2023-5914
Issue
A vulnerability has been discovered in Citrix StoreFront, which, if exploited, may result in a Cross-site scripting (XSS) attack.
| CVD-ID | Description | Pre-Requisites | CWE | CVSS |
| CVE-2023-5914 | Cross-site scripting (XSS) | Requires victim to access an attacker-controlled link in the browserr | CWE-79 | 5.4 |
Additional Information
Affected Versions:
The following supported versions of Citrix StoreFront are affected by the vulnerability:
Current Release (CR)
- Citrix StoreFront before 2308.1
- Citrix StoreFront before 2311
Long Term Service Release (LTSR)
- Citrix StoreFront 1912 LTSR before CU8 hotfix 3.22.8001.2
- Citrix StoreFront 2203 LTSR before CU4 Update 1
Recommended Action
Cloud Software Group strongly urges affected customers of Citrix StoreFront to install the relevant updated versions of Citrix StoreFront as soon as possible:
Current Release (CR)
- Citrix StoreFront 2308.1 and later
- Citrix StoreFront 2311and later
Long Term Service Release (LTSR)
- Citrix StoreFront 1912 LTSR CU8 hotfix 3.22.8001.2* and later
- Citrix StoreFront 2203 LTSR CU4 Update 1 and later
Please use this link for downloading the builds.
*Citrix StoreFront 1912 LTSR CU8 hotfix 3.22.8001.2 is available to download here.
More information
https://support.citrix.com/article/CTX583759/citrix-storefront-security-bulletin-for-cve20235914
For assistance from the Kraft Kennedy team, please contact us.