3 matches found
CVE-2018-25016
CVE-2018-25016 concerns Greenbone Security Assistant (GSA) and Greenbone OS (GOS). Affected versions are GSA prior to 7.0.3 and GOS prior to 5.0.0, where a host header injection vulnerability exists in the GSA web interface. The underlying issue is the handling of HTTP Host headers, enabling inje...
CVE-2016-1926
The CVE-2016-1926 entry concerns Greenbone Security Assistant (GSA) 6.x up to 6.0.8, where the charts module is vulnerable to cross-site scripting (XSS). The flaw is caused by insufficient input sanitization on the aggregate_type parameter used by the get_aggregate command to omp, enabling a remo...
CVE-2019-25047
CVE-2019-25047 affects Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10. The flaw is an XSS in 404 URL handling in gsad. Exploitation context and impact are stated as cross-site scripting in affected web interfaces; patch versions have been released: GSA 8.0.2 ...