Knowledge Base
All KB
Documents DT Documents
Articles & FAQs AR Articles
Trouble Reports TR Trouble Reports
Software Updates SU Software Updates
Searching in : Trouble report
ID:TR05X11821
Added on: 2026-05-12
Last Update: 2026-05-29
Solved in version: 9.6.3
Platform: All Platforms
Product: NoMachine Web Player
Severity: Serious
Status: Solved
Print this article

Possible execution of an arbitrary XXS script during the login via web

A crafted URL could be used to load the login page of the web player and inject an arbirtrary script (XXS, Cross-Site Scripting) in the user's browser which may allow the attacker to impersonate the user and gain access to the remote desktop.

SOLVED, Released in version 9.6.3