CVE-2016-1926

Name of the Vulnerable Software and Affected Versions Greenbone Security Assistant versions 6.0.0 through 6.0.7

Description A cross-site scripting issue exists due to insufficient input validation in the charts module. This allows remote attackers to inject arbitrary web script or HTML via the aggregate type parameter in a "get aggregate" command to "omp".

Recommendations For Greenbone Security Assistant versions 6.0.0 through 6.0.7, update to version 6.0.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the charts module or avoiding the use of the aggregate type parameter in "get aggregate" commands to "omp" until the update is applied.