Greenbone OS 5.0.x < 5.0.10 XSS Vulnerability (Active Check)

Published: 2019-09-06 02:27:18

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N

Detection Type:
Remote Vulnerability

Solution Type:
Vendor Patch

Summary:
Greenbone OS is prone to a reflected cross-site scripting vulnerability in the Greenbone Security Assistant (GSA) web user interface.

Affected Versions:
All GSM models except GSM 25, GSM 25V and GSM 35 running Greenbone OS 5.0.x prior to version 5.0.10.

Recommendations:
Update to version 5.0.10 or later.

Detection Method:
Sends a crafted HTTP GET request and checks the response.

References:

https://github.com/greenbone/gsa/issues/1601
https://www.greenbone.net/en/roadmap-lifecycle/

Severity:
Medium

CVSS Score:
6.4
