Published: 02/02/2017 Updated: 07/05/2021
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache guacamole 0.9.9

apache guacamole 0.9.8

Vendor Advisories

Debian Bug report logs - #859136 CVE-2016-1566: XSS vulnerability in file browser Package: guacamole-client; Maintainer for guacamole-client is Debian Remote Maintainers <pkg-remote-team@listsaliothdebianorg>; Reported by: Antoine Beaupre <anarcat@orangeseedsorg> Date: Thu, 30 Mar 2017 18:48:01 UTC Severity: impo ...