CVE-2016-1926

Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregate_type parameter in a get_aggregate command to omp.
Cross-site Scripting
Severity
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
greenbonegreenbone_security_assistant
6.0.0
greenbonegreenbone_security_assistant
6.0.1
greenbonegreenbone_security_assistant
6.0.2
greenbonegreenbone_security_assistant
6.0.3
greenbonegreenbone_security_assistant
6.0.4
greenbonegreenbone_security_assistant
6.0.5
greenbonegreenbone_security_assistant
6.0.6
greenbonegreenbone_security_assistant
6.0.7
greenbonegreenbone_os
3.1.1
greenbonegreenbone_os
3.1.6
greenbonegreenbone_os
3.1.7
greenbonegreenbone_os
3.1.8
greenbonegreenbone_os
3.1.9
greenbonegreenbone_os
3.1.10
greenbonegreenbone_os
3.1.11
greenbonegreenbone_os
3.1.12
greenbonegreenbone_os
3.1.13
greenbonegreenbone_os
3.1.14
greenbonegreenbone_os
3.1.15
greenbonegreenbone_os
3.1.16
greenbonegreenbone_os
3.1.17
greenbonegreenbone_os
3.1.18
greenbonegreenbone_os
3.1.19
greenbonegreenbone_os
3.1.20
greenbonegreenbone_os
3.1.21
greenbonegreenbone_os
3.1.22
greenbonegreenbone_os
3.1.23
𝑥
= Vulnerable software versions