{"id":"CVE-2016-1926","details":"Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregate_type parameter in a get_aggregate command to omp.","modified":"2026-04-10T03:48:40.886152Z","published":"2016-01-26T19:59:09.500Z","references":[{"type":"WEB","url":"http://www.securityfocus.com/archive/1/537335/100/0/threaded"},{"type":"ADVISORY","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184478.html"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/135328/OpenVAS-Greenbone-Security-Assistant-Cross-Site-Scripting.html"},{"type":"ADVISORY","url":"http://www.greenbone.net/technology/gbsa2016-01.html"},{"type":"ADVISORY","url":"http://www.openvas.org/OVSA20160113.html"},{"type":"ADVISORY","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183371.html"},{"type":"EVIDENCE","url":"https://en.internetwache.org/cve-2016-1926-xss-in-the-greenbone-security-assistant-20-01-2016/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/greenbone/gsa","events":[{"introduced":"0"},{"last_affected":"a7a43630c67d21e1ffb30607d8d51c4dc84b6fae"},{"introduced":"0"},{"last_affected":"ec5d5ce48e42c366cfbd1bc9e3bd3abfca25b38d"},{"introduced":"0"},{"last_affected":"515b374bcc36e05e2abe253c02e0a2b44df764ca"},{"introduced":"0"},{"last_affected":"fe6dc7e443a69b7333d343979b77e3a73b4b510c"},{"introduced":"0"},{"last_affected":"7af0202452099c0d5867ce21aa0fb4a9fdfc67c5"},{"introduced":"0"},{"last_affected":"92c2de7880a13a82e54d8656ef117380c19d1cb6"},{"introduced":"0"},{"last_affected":"d5fe1faeb8cf6d81f5252acc594a0dd987568c0b"},{"introduced":"0"},{"last_affected":"7a129252056973da7218cc9115a238d39cc0accd"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"6.0.0"},{"introduced":"0"},{"last_affected":"6.0.1"},{"introduced":"0"},{"last_affected":"6.0.2"},{"introduced":"0"},{"last_affected":"6.0.3"},{"introduced":"0"},{"last_affected":"6.0.4"},{"introduced":"0"},{"last_affected":"6.0.5"},{"introduced":"0"},{"last_affected":"6.0.6"},{"introduced":"0"},{"last_affected":"6.0.7"}]}}],"versions":["v6.0.0","v6.0.1","v6.0.2","v6.0.3","v6.0.4","v6.0.5","v6.0.6","v6.0.7"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"3.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"3.1.6"}]},{"events":[{"introduced":"0"},{"last_affected":"3.1.7"}]},{"events":[{"introduced":"0"},{"last_affected":"3.1.8"}]},{"events":[{"introduced":"0"},{"last_affected":"3.1.9"}]},{"events":[{"introduced":"0"},{"last_affected":"3.1.10"}]},{"events":[{"introduced":"0"},{"last_affected":"3.1.11"}]},{"events":[{"introduced":"0"},{"last_affected":"3.1.12"}]},{"events":[{"introduced":"0"},{"last_affected":"3.1.13"}]},{"events":[{"introduced":"0"},{"last_affected":"3.1.14"}]},{"events":[{"introduced":"0"},{"last_affected":"3.1.15"}]},{"events":[{"introduced":"0"},{"last_affected":"3.1.16"}]},{"events":[{"introduced":"0"},{"last_affected":"3.1.17"}]},{"events":[{"introduced":"0"},{"last_affected":"3.1.18"}]},{"events":[{"introduced":"0"},{"last_affected":"3.1.19"}]},{"events":[{"introduced":"0"},{"last_affected":"3.1.20"}]},{"events":[{"introduced":"0"},{"last_affected":"3.1.21"}]},{"events":[{"introduced":"0"},{"last_affected":"3.1.22"}]},{"events":[{"introduced":"0"},{"last_affected":"3.1.23"}]},{"events":[{"introduced":"0"},{"last_affected":"22"}]},{"events":[{"introduced":"0"},{"last_affected":"23"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1926.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}