CVE-2019-25047
https://notcve.org/view.php?id=CVE-2019-25047
Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10 allow XSS during 404 URL handling in gsad.
• https://github.com/greenbone/gsa/blob/master/CHANGELOG.md#802---2020-05-13
• https://github.com/greenbone/gsa/issues/1601
• https://github.com/greenbone/gsa/pull/1603
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-25016
https://notcve.org/view.php?id=CVE-2018-25016
Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection.
• https://github.com/greenbone/gsa/pull/318
• https://github.com/greenbone/gsa/releases/tag/v7.0.3
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2016-1926
https://notcve.org/view.php?id=CVE-2016-1926
Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregate_type parameter in a get_aggregate command to omp.
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183371.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184478.html
• http://packetstormsecurity.com/files/135328/OpenVAS-Greenbone-Security-Assistant-Cross-Site-Scripting.html
• http://www.greenbone.net/technology/gbsa2016-01.html
• http://www.openvas.org/OVSA20160113.html
• http://www.securityfocus.com/archive/1/537335/100/0/threaded
• https://en.internetwache.org/cve-2016-1926-xss-in-the-greenbone-security-assistant-20-01-2016
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-0650
https://notcve.org/view.php?id=CVE-2011-0650
Cross-site request forgery (CSRF) vulnerability in Greenbone Security Assistant (GSA) before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirements for exploiting CVE-2011-0018.
• http://secunia.com/advisories/43092
• http://www.openvas.org/OVSA20110118.html
• http://www.securityfocus.com/archive/1/515971/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/65012
• https://lists.wald.intevation.org/pipermail/openvas-commits/2011-February/010206.html
• https://lists.wald.intevation.org/pipermail/openvas-commits/2011-February/010242.html
• CWE-352: Cross-Site Request Forgery (CSRF)