CVE-2016-1926

Опубликовано: 26 янв. 2016

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregate_type parameter in a get_aggregate command to omp.

Ссылки

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183371.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184478.html
Third Party Advisory
http://packetstormsecurity.com/files/135328/OpenVAS-Greenbone-Security-Assistant-Cross-Site-Scripting.html
Third Party Advisory
http://www.greenbone.net/technology/gbsa2016-01.html
Broken Link
Vendor Advisory
http://www.openvas.org/OVSA20160113.html
Third Party Advisory
http://www.securityfocus.com/archive/1/537335/100/0/threaded
https://en.internetwache.org/cve-2016-1926-xss-in-the-greenbone-security-assistant-20-01-2016/
Exploit
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183371.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184478.html
Third Party Advisory
http://packetstormsecurity.com/files/135328/OpenVAS-Greenbone-Security-Assistant-Cross-Site-Scripting.html
Third Party Advisory
http://www.greenbone.net/technology/gbsa2016-01.html
Broken Link
Vendor Advisory
http://www.openvas.org/OVSA20160113.html
Third Party Advisory
http://www.securityfocus.com/archive/1/537335/100/0/threaded
https://en.internetwache.org/cve-2016-1926-xss-in-the-greenbone-security-assistant-20-01-2016/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:greenbone:greenbone_security_assistant:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:greenbone:greenbone_security_assistant:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:greenbone:greenbone_security_assistant:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:greenbone:greenbone_security_assistant:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:greenbone:greenbone_security_assistant:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:greenbone:greenbone_security_assistant:6.0.5:*:*:*:*:*:*:*

cpe:2.3:a:greenbone:greenbone_security_assistant:6.0.6:*:*:*:*:*:*:*

cpe:2.3:a:greenbone:greenbone_security_assistant:6.0.7:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:greenbone:greenbone_os:3.1.1:*:*:*:*:*:*:*

cpe:2.3:o:greenbone:greenbone_os:3.1.6:*:*:*:*:*:*:*

cpe:2.3:o:greenbone:greenbone_os:3.1.7:*:*:*:*:*:*:*

cpe:2.3:o:greenbone:greenbone_os:3.1.8:*:*:*:*:*:*:*

cpe:2.3:o:greenbone:greenbone_os:3.1.9:*:*:*:*:*:*:*

cpe:2.3:o:greenbone:greenbone_os:3.1.10:*:*:*:*:*:*:*

cpe:2.3:o:greenbone:greenbone_os:3.1.11:*:*:*:*:*:*:*

cpe:2.3:o:greenbone:greenbone_os:3.1.12:*:*:*:*:*:*:*

cpe:2.3:o:greenbone:greenbone_os:3.1.13:*:*:*:*:*:*:*

cpe:2.3:o:greenbone:greenbone_os:3.1.14:*:*:*:*:*:*:*

cpe:2.3:o:greenbone:greenbone_os:3.1.15:*:*:*:*:*:*:*

cpe:2.3:o:greenbone:greenbone_os:3.1.16:*:*:*:*:*:*:*

cpe:2.3:o:greenbone:greenbone_os:3.1.17:*:*:*:*:*:*:*

cpe:2.3:o:greenbone:greenbone_os:3.1.18:*:*:*:*:*:*:*

cpe:2.3:o:greenbone:greenbone_os:3.1.19:*:*:*:*:*:*:*

cpe:2.3:o:greenbone:greenbone_os:3.1.20:*:*:*:*:*:*:*

cpe:2.3:o:greenbone:greenbone_os:3.1.21:*:*:*:*:*:*:*

cpe:2.3:o:greenbone:greenbone_os:3.1.22:*:*:*:*:*:*:*

cpe:2.3:o:greenbone:greenbone_os:3.1.23:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00717

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-m58f-5mcm-c967

CVSS3: 6.1

github

больше 3 лет назад

EPSS

Процентиль: 72%

0.00717

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79