Published: 02/02/2017 Updated: 07/05/2021

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache guacamole 0.9.9
apache guacamole 0.9.8

Debian Bug report logs - #859136 CVE-2016-1566: XSS vulnerability in file browser Package: guacamole-client; Maintainer for guacamole-client is Debian Remote Maintainers <pkg-remote-team@listsaliothdebianorg>; Reported by: Antoine Beaupre <anarcat@orangeseedsorg> Date: Thu, 30 Mar 2017 18:48:01 UTC Severity: impo ...

CWE-79 https://sourceforge.net/p/guacamole/news/2016/02/security-advisory---stored-xss-cve-2016-1566--guac-1465/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859136 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-1566

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect