The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application.
CPE | Name | Operator | Version |
---|---|---|---|
cloud_access_connector | le | 16 | |
cloud_access_connector_legacy | eq | < 2020424 |