| title | cve | fixed |
|---|---|---|
Stored cross-site scripting (XSS) in file browser |
CVE-2016-1566 |
0.9.9 |
A cross-site scripting (XSS) vulnerability was discovered through which files with specially-crafted filenames could lead to JavaScript execution if file transfer is enabled to a location which is shared by multiple users, and the filename is displayed within the file browser located within the Guacamole menu.
Acknowledgements: We would like to thank Niv Levy for reporting this issue.