2 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in the charts module in Greenbone Security Assistant GSA 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregatetype parameter in a getaggregate command to omp...
CVE-2016-1926
The CVE-2016-1926 entry concerns Greenbone Security Assistant (GSA) 6.x up to 6.0.8, where the charts module is vulnerable to cross-site scripting (XSS). The flaw is caused by insufficient input sanitization on the aggregate_type parameter used by the get_aggregate command to omp, enabling a remo...