CVE-2019-25047
https://notcve.org/view.php?id=CVE-2019-25047
Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10 allow XSS during 404 URL handling in gsad.
• https://github.com/greenbone/gsa/blob/master/CHANGELOG.md#802---2020-05-13
• https://github.com/greenbone/gsa/issues/1601
• https://github.com/greenbone/gsa/pull/1603
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-25016
https://notcve.org/view.php?id=CVE-2018-25016
Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection.
• https://github.com/greenbone/gsa/pull/318
• https://github.com/greenbone/gsa/releases/tag/v7.0.3
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2011-0650
https://notcve.org/view.php?id=CVE-2011-0650
Cross-site request forgery (CSRF) vulnerability in Greenbone Security Assistant (GSA) before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirements for exploiting CVE-2011-0018.
• http://secunia.com/advisories/43092
• http://www.openvas.org/OVSA20110118.html
• http://www.securityfocus.com/archive/1/515971/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/65012
• https://lists.wald.intevation.org/pipermail/openvas-commits/2011-February/010206.html
• https://lists.wald.intevation.org/pipermail/openvas-commits/2011-February/010242.html
• CWE-352: Cross-Site Request Forgery (CSRF)