6.1
CVE-2020-13176
- EPSS 0.52%
- Veröffentlicht 11.08.2020 18:15:12
- Zuletzt bearbeitet 21.11.2024 05:00:48
- Quelle security@teradici.com
- CVE-Watchlists
- Unerledigt
LoginThe Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Teradici ≫ Cloud Access Connector Version <= 16
Teradici ≫ Cloud Access Connector Legacy Version < 2020-04-24
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.52% | 0.642 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.