CVE-2016-2789 (xenmobile_server)
Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3 before Rolling Patch 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: CVE-2016-2789 (xenmobile_server)