PT-2017-7968 · Apache · Guacamole
Niv Levy
·
Published
2017-02-02
·
Updated
2021-05-07
·
CVE-2016-1566
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Guacamole versions 0.9.8 through 0.9.9
Description
A cross-site scripting (XSS) issue exists in the file browser when file transfer is enabled to a shared location. This allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename.
Recommendations
For Guacamole versions 0.9.8 and 0.9.9, update the guacamole.war file to the version fixed on 2016-01-13 to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Guacamole