CVE-2016-1566

Description:
Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed.

CWE: CWE-79

CVSS score
CVSS 2: LOW – 3.5 (Version: 2.0)
CVSS 3: MEDIUM – 5.4 (Version: 3.0)

Links:

NVD – CVE-2016-1566
CVE – CVE-2016-1566

Link (max. 20) Source Tags
https://sourceforge.net/p/guacamole/news/2016/02/security-advisory---stored-xss-cve-2016-1566--guac-1465/ CONFIRM Third Party Advisory Third Party Advisory Vendor Advisory
97242 BID Third Party Advisory VDB Entry
FEDORA-2021-f41d5fc954 FEDORA Third Party Advisory VDB Entry
FEDORA-2021-dd62918333 FEDORA Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html CONFIRM Patch Third Party Advisory
GLSA-201710-32 GENTOO Third Party Advisory
DSA-3896 DEBIAN Third Party Advisory
https://support.apple.com/HT208221 CONFIRM Third Party Advisory
RHSA-2017:3195 REDHAT Third Party Advisory
RHSA-2017:3194 REDHAT Third Party Advisory
RHSA-2017:3193 REDHAT Third Party Advisory
RHSA-2017:3477 REDHAT Third Party Advisory
RHSA-2017:3476 REDHAT Third Party Advisory
RHSA-2017:3475 REDHAT Third Party Advisory
RHSA-2017:2483 REDHAT Third Party Advisory
RHSA-2017:2479 REDHAT Third Party Advisory
RHSA-2017:2478 REDHAT Third Party Advisory
https://security.netapp.com/advisory/ntap-20180601-0002/ CONFIRM Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us CONFIRM Third Party Advisory
[httpd-cvs] 20190815 svn commit: r1048743 [4/4] – in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html MLIST Mailing List Vendor Advisory

Source: NVD – CVE-2016-1566
Publication date: 2017-02-02T15:59Z, last modified: 2021-05-07T18:33Z