CVE-2019-25047
https://notcve.org/view.php?id=CVE-2019-25047
Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10 allow XSS during 404 URL handling in gsad. Greenbone Security Assistant (GSA) versiones anteriores a 8.0.2 y Greenbone OS (GOS) versiones anteriores a 5.0.10, permiten ataques de tipo XSS durante el manejo de la URL 404 en gsad • https://github.com/greenbone/gsa/blob/master/CHANGELOG.md#802---2020-05-13 https://github.com/greenbone/gsa/issues/1601 https://github.com/greenbone/gsa/pull/1603 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-25016
https://notcve.org/view.php?id=CVE-2018-25016
Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection. Greenbone Security Assistant (GSA) versiones anteriores a 7.0.3 y Greenbone OS (GOS) versiones anteriores a 5.0.0, permiten una inyección del encabezado del host • https://github.com/greenbone/gsa/pull/318 https://github.com/greenbone/gsa/releases/tag/v7.0.3 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2016-1926
https://notcve.org/view.php?id=CVE-2016-1926
Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregate_type parameter in a get_aggregate command to omp. Vulnerabilidad de XSS en el módulo charts en Greenbone Security Assistant (GSA) 6.x en versiones anteriores a 6.0.8 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro aggregate_type en un comando get_aggregate para omp. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183371.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184478.html http://packetstormsecurity.com/files/135328/OpenVAS-Greenbone-Security-Assistant-Cross-Site-Scripting.html http://www.greenbone.net/technology/gbsa2016-01.html http://www.openvas.org/OVSA20160113.html http://www.securityfocus.com/archive/1/537335/100/0/threaded https://en.internetwache.org/cve-2016-1926-xss-in-the-greenbone-security-assistant-20-01-2016 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •