{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "3.1.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.1.6" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.1.7" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.1.8" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.1.9" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.1.10" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.1.11" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.1.12" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.1.13" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.1.14" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.1.15" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.1.16" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.1.17" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.1.18" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.1.19" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.1.20" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.1.21" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.1.22" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.1.23" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "22" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "23" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "6.0.0" }, { "introduced": "0" }, { "last_affected": "6.0.1" }, { "introduced": "0" }, { "last_affected": "6.0.2" }, { "introduced": "0" }, { "last_affected": "6.0.3" }, { "introduced": "0" }, { "last_affected": "6.0.4" }, { "introduced": "0" }, { "last_affected": "6.0.5" }, { "introduced": "0" }, { "last_affected": "6.0.6" }, { "introduced": "0" }, { "last_affected": "6.0.7" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "a7a43630c67d21e1ffb30607d8d51c4dc84b6fae" }, { "introduced": "0" }, { "last_affected": "ec5d5ce48e42c366cfbd1bc9e3bd3abfca25b38d" }, { "introduced": "0" }, { "last_affected": "515b374bcc36e05e2abe253c02e0a2b44df764ca" }, { "introduced": "0" }, { "last_affected": "fe6dc7e443a69b7333d343979b77e3a73b4b510c" }, { "introduced": "0" }, { "last_affected": "7af0202452099c0d5867ce21aa0fb4a9fdfc67c5" }, { "introduced": "0" }, { "last_affected": "92c2de7880a13a82e54d8656ef117380c19d1cb6" }, { "introduced": "0" }, { "last_affected": "d5fe1faeb8cf6d81f5252acc594a0dd987568c0b" }, { "introduced": "0" }, { "last_affected": "7a129252056973da7218cc9115a238d39cc0accd" } ], "repo": "https://github.com/greenbone/gsa", "type": "GIT" } ] } ], "details": "Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregate_type parameter in a get_aggregate command to omp.", "id": "CVE-2016-1926", "modified": "2026-04-01T23:08:12.524329305Z", "published": "2016-01-26T19:59:09.500Z", "references": [ { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/537335/100/0/threaded" }, { "type": "ADVISORY", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184478.html" }, { "type": "ADVISORY", "url": "http://packetstormsecurity.com/files/135328/OpenVAS-Greenbone-Security-Assistant-Cross-Site-Scripting.html" }, { "type": "ADVISORY", "url": "http://www.greenbone.net/technology/gbsa2016-01.html" }, { "type": "ADVISORY", "url": "http://www.openvas.org/OVSA20160113.html" }, { "type": "ADVISORY", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183371.html" }, { "type": "EVIDENCE", "url": "https://en.internetwache.org/cve-2016-1926-xss-in-the-greenbone-security-assistant-20-01-2016/" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ] }