CVE-2020-13176: XSS
First published: Tue Aug 11 2020(Updated: )
The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application.
Credit: security@teradici.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Teradici Cloud Access Connector | <=16 | |
| Teradici Cloud Access Connector Legacy | <2020-04-24 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability is identified by CVE-2020-13176.
What is the severity of CVE-2020-13176?
The severity of CVE-2020-13176 is medium with a CVSS score of 6.1.
What is the affected software for CVE-2020-13176?
The affected software for CVE-2020-13176 includes Teradici Cloud Access Connector and Teradici Cloud Access Connector Legacy versions up to April 24, 2020 (v16 and earlier).
What is the CWE category for CVE-2020-13176?
The CWE category for CVE-2020-13176 is CWE-79 (Cross-Site Scripting).
How can I fix the vulnerability in Teradici Cloud Access Connector and Teradici Cloud Access Connector Legacy?
To fix the vulnerability in Teradici Cloud Access Connector and Teradici Cloud Access Connector Legacy, update to a version later than April 24, 2020 (v16 and later).
- collector/nvd-index
- vendor/teradici
- product/cloud access connector
- canonical/teradici cloud access connector
- product/cloud access connector legacy
- canonical/teradici cloud access connector legacy