All GSM models except for GSM 25 and GSM 25V with Greenbone OS 3.1 are subject to a cross site scripting vulnerability in the web user interface.
Given the attacker has access to a session token of the browser session, a cross site scripting can be executed via a command of the charts module.
All GSM models except GSM 25 and GSM 25V.
Greenbone OS 3.1.1 up to 3.1.23.
CVSS: AV:A/AC:M/Au:M/C:P/I:N/A:N (1.9 - Low)
Upgrade at least to Greenbone OS 3.1.24.
2016-01-07: Problem identified by Sebastian Neef (Internetwache.org).
2016-01-08: Problem solved and solution prepared.
2016-01-09: Solution published as new Patch Level release for GOS 3.1.
2016-01-20: Added assigned CVE-2016-1926.