In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NTeradici Pcoip Management Console
APPTeradici20.07.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Powiązane podatności
CVE-2017-20121HIGH7.8ten sam produkt
A vulnerability was found in Teradici Management Console 2.2.0. It has been declared as critical. Affected by ...
CVE-2020-10965HIGH8.1ten sam produkt
Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to unauthenticated password resets via log...
CVE-2020-13183MEDIUM6.1ten sam produkt
Reflected Cross Site Scripting in Teradici PCoIP Management Console prior to 20.07 could allow an attacker to ...
CVE-2020-13174MEDIUM6.1ten sam produkt
The web server in the Teradici Managament console versions 20.04 and 20.01.1 did not properly set the X-Frame-...
CVE-2021-25689CRITICAL9.8ten sam vendor
An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker...