Citrix Gateway Open Redirect and XSS - Vulnerability Database

Citrix Gateway Open Redirect and XSS

Description

Citrix Gateway contains an Open Redirect and Cross-Site Scripting (XSS) vulnerability in its logout functionality. The post_logout_redirect_uri query parameter is not properly validated or sanitized before being used in HTTP Location headers. This allows attackers to craft malicious URLs that either redirect users to attacker-controlled domains or inject malicious content into the HTTP response by prematurely terminating headers and inserting arbitrary HTML/JavaScript into the response body.

Remediation

Immediately upgrade affected Citrix ADC and Citrix Gateway installations to patched versions:

• Citrix ADC and Gateway 13.1: Upgrade to version 13.1-45.61 or later
• Citrix ADC and Gateway 13.0: Upgrade to version 13.0-90.11 or later
• Citrix ADC and Gateway 12.1: Upgrade to version 12.1-65.35 or later
• Citrix ADC 12.1-FIPS: Upgrade to version 12.1-55.296 or later
• Citrix ADC 12.1-NDcPP: Upgrade to version 12.1-55.296 or later

Until patches can be applied, implement the following interim mitigations:
• Monitor and log all logout redirect attempts for suspicious patterns
• Educate users to verify destination URLs before entering credentials after logout
• Consider implementing network-level controls to restrict external redirects from the Gateway
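The validation the description calls for and the log monitoring the interim mitigations call for, as an added example written for this page (not Invicti's or Citrix's code); the allowlisted hostnames, the /logout path and the access-log layout are assumptions:

```python
import re
from urllib.parse import unquote, urlsplit

# Hosts a post-logout redirect may target: assumed values for this example,
# a real deployment would list its own Gateway and portal hostnames.
ALLOWED_HOSTS = {"gateway.example.com", "portal.example.com"}

# Raw control characters or percent-encoded CR/LF/NUL: either could end the
# Location header early so the rest of the value becomes headers or body.
HEADER_BREAKERS = re.compile(r"[\x00-\x1f\x7f]|%0[ad]|%00", re.IGNORECASE)


def is_safe_redirect(uri: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Accept only a same-site path or an https URL to an allowlisted host."""
    if not uri or HEADER_BREAKERS.search(uri) or "\\" in uri:
        return False  # browsers treat backslashes as slashes
    parts = urlsplit(uri)
    if not parts.scheme and not parts.netloc:
        # Relative path. "///host" parses with an empty netloc, so anything
        # starting with two or more slashes is rejected as well.
        return uri.startswith("/") and not uri.startswith("//")
    if parts.scheme.lower() != "https":
        return False  # drops scheme-relative "//host" and non-https schemes
    # .hostname strips userinfo, so "https://good@evil" resolves to "evil".
    return (parts.hostname or "").lower() in allowed_hosts


# Constructed access-log lines, not real Citrix logs; the /logout path and
# the log layout are assumptions made for this example.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2024:10:00:01 +0000] "GET /logout?post_logout_redirect_uri=https://portal.example.com/ HTTP/1.1" 302
203.0.113.11 - - [01/Jan/2024:10:00:02 +0000] "GET /logout?post_logout_redirect_uri=//evil.example.net/ HTTP/1.1" 302
203.0.113.12 - - [01/Jan/2024:10:00:03 +0000] "GET /logout?post_logout_redirect_uri=/%0d%0a%0d%0a<b>injected</b> HTTP/1.1" 302
203.0.113.13 - - [01/Jan/2024:10:00:04 +0000] "GET /logout?post_logout_redirect_uri=/ HTTP/1.1" 302
"""
REDIRECT_PARAM = re.compile(r'"GET \S*?[?&]post_logout_redirect_uri=([^\s&"]*)')


def find_suspicious_redirects(log_text: str):
    """Return (client_ip, raw_value) for each logout request whose redirect
    target fails validation in either its raw or its once-decoded form."""
    hits = []
    for line in log_text.splitlines():
        m = REDIRECT_PARAM.search(line)
        if m and not (is_safe_redirect(m.group(1))
                      and is_safe_redirect(unquote(m.group(1)))):
            hits.append((line.split()[0], m.group(1)))
    return hits
```

Running `find_suspicious_redirects(SAMPLE_LOG)` flags the scheme-relative and CRLF-bearing requests and leaves the two legitimate ones alone.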

Consult the official Citrix security bulletin (CTX477714) for detailed upgrade instructions and any additional vendor-recommended security configurations.