CVE-2016-1566

CWE-79Cross-site Scripting (XSS)8 documents5 sources
Severity
5.4MEDIUM
EPSS
0.2%
top 55.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Guacamole
Timeline
PublishedFeb 2
Latest updateMay 13

Description

Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

NVDapache/guacamole0.9.8, 0.9.9+1

🔴Vulnerability Details

2
GHSA
GHSA-h3fg-gg9m-6pp2: Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 02022-05-13
CVEList
CVE-2016-1566: Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 02017-02-02

📋Vendor Advisories

1
Apache
Apache guacamole: CVE-2016-1566

💬Community

4
Bugzilla
CVE-2016-1566 guacamole: Stored cross-site scripting2017-02-02
Bugzilla
CVE-2016-1566 guacamole: Stored cross-site scripting [fedora-all]2017-02-02
Bugzilla
CVE-2016-1566 guacamole: Stored cross-site scripting [epel-6]2017-02-02
Bugzilla
CVE-2016-1566 guacamole: Stored cross-site scripting [epel-7]2017-02-02
CVE-2016-1566 (MEDIUM CVSS 5.4) | Cross-site scripting (XSS) vulnerab | cvebase.io