GBSA2016-01

Summary

All GSM models running Greenbone OS 3.1, except for GSM 25 and GSM 25V, are subject to a cross-site scripting (XSS) vulnerability in the web user interface.

If the attacker has access to a session token of the browser session, a cross-site scripting attack can be executed via a command of the charts module.

Affected

All GSM models except GSM 25 and GSM 25V.

Greenbone OS 3.1.1 up to 3.1.23.

Severity

CVSS: AV:A/AC:M/Au:M/C:P/I:N/A:N (1.9 - Low)

Resolution

Upgrade to Greenbone OS 3.1.24 or later.
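
To find appliances that still need the upgrade, the affected range and model exclusions above can be checked against an inventory. The following is an added example, not part of the original advisory or Greenbone's tooling; the inventory format, hostnames and function names are assumptions, and the sample entries are constructed.

```python
import re

# Values taken from the advisory text.
UNAFFECTED_MODELS = {"GSM 25", "GSM 25V"}
FIRST_AFFECTED = (3, 1, 1)
LAST_AFFECTED = (3, 1, 23)  # the fix ships in 3.1.24

def parse_gos_version(text):
    """Parse 'X.Y.Z' into an integer tuple so 3.1.9 sorts before 3.1.23."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised GOS version: {text!r}")
    return tuple(int(p) for p in m.groups())

def normalise_model(model):
    """Collapse whitespace and case so 'gsm  25v' matches 'GSM 25V'."""
    return " ".join(model.split()).upper()

def is_affected(model, gos_version):
    """True if the model is not excluded and the version is in 3.1.1..3.1.23."""
    if normalise_model(model) in UNAFFECTED_MODELS:
        return False
    return FIRST_AFFECTED <= parse_gos_version(gos_version) <= LAST_AFFECTED

def triage(inventory):
    """Return (affected, unparsed) lists of appliance names."""
    affected, unparsed = [], []
    for name, model, version in inventory:
        try:
            if is_affected(model, version):
                affected.append(name)
        except ValueError:
            unparsed.append(name)  # needs manual review, do not assume safe
    return affected, unparsed

# Constructed sample inventory (hostnames and model mix are illustrative only).
SAMPLE_INVENTORY = [
    ("scanner-a", "GSM 600", "3.1.9"),
    ("scanner-b", "GSM 600", "3.1.24"),
    ("scanner-c", "gsm 25v", "3.1.20"),
    ("scanner-d", "GSM 100", "3.1.23"),
    ("scanner-e", "GSM 100", "3.1"),
]

if __name__ == "__main__":
    affected, unparsed = triage(SAMPLE_INVENTORY)
    print("affected:", affected, "manual review:", unparsed)
```

Versions are compared as integer tuples because a plain string comparison would rank 3.1.9 above 3.1.23 and miss affected systems.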

History

2016-01-07: Problem identified by Sebastian Neef (Internetwache.org).
2016-01-08: Problem solved and solution prepared.
2016-01-09: Solution published as new Patch Level release for GOS 3.1.
2016-01-20: Added assigned CVE-2016-1926.

Download this advisory as CVRF.
(you can use Farol to review the CVRF)