Greenbone Security Assistant vulnerabilities
4 known vulnerabilities affecting greenbone/greenbone_security_assistant.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2018-25016P3CRITICALCVSS 9.8fixed in 7.0.32021-06-21
CVE-2018-25016 [CRITICAL] CWE-74 CVE-2018-25016: Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Heade
Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection.
nvd
CVE-2011-0650P4MEDIUMCVSS 6.8≤ 2.02011-01-28
CVE-2011-0650 [MEDIUM] CVE-2011-0650: Cross-site request forgery (CSRF) vulnerability in Greenbone Security Assistant (GSA) before 2.0+rc3
Cross-site request forgery (CSRF) vulnerability in Greenbone Security Assistant (GSA) before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirements for exploiting CVE-2011-0018.
nvd
CVE-2016-1926P4MEDIUMCVSS 6.1v6.0.0v6.0.1+6 more2016-01-26
CVE-2016-1926 [MEDIUM] CWE-79 CVE-2016-1926: Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA)
Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregate_type parameter in a get_aggregate command to omp.
nvd
CVE-2019-25047P4MEDIUMCVSS 6.1fixed in 8.0.22021-06-21
CVE-2019-25047 [MEDIUM] CWE-79 CVE-2019-25047: Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10 allow XSS durin
Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10 allow XSS during 404 URL handling in gsad.
nvd