Bug#859136: CVE-2016-1566: XSS vulnerability in file browser
Moritz Muehlenhoff
jmm at debian.org
Mon Oct 2 19:19:17 UTC 2017
On Thu, Mar 30, 2017 at 02:45:21PM -0400, Antoine Beaupre wrote:
> Package: guacamole-client
> X-Debbugs-CC: team at security.debian.org secure-testing-team at lists.alioth.debian.org
> Severity: normal
> Tags: security
> Version: 0.9.9+dfsg-1
>
> Hi,
>
> the following vulnerability was published for guacamole.
>
> CVE-2016-1566[0]:
> | Cross-site scripting (XSS) vulnerability in the file browser in
> | Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location
> | shared by multiple users, allows remote authenticated users to inject
> | arbitrary web script or HTML via a crafted filename. NOTE: this
> | vulnerability was fixed in guacamole.war on 2016-01-13, but the
> | version number was not changed.
What's the status? More than half a year has passed.
Cheers,
Moritz
More information about the pkg-remote-team
mailing list