Project Filelist for OpenVAS
File Release Notes and Changelog
Release Name: 6.0.8
This is the eighth maintenance release of the Greenbone Security Assistant (GSA) 6.0 module for the Open Vulnerability Assessment System release 8 (OpenVAS-8).

This release addresses two important security issues:

- Due to incomplete parameter filtering of the aggregate_type and sort_order fields, a cross-site scripting (XSS) attack was possible. This attack vector required a valid session token. The guest token could be used as a valid session token if guest logins were explicitly enabled.
- Due to incomplete URL checking, it was possible to influence the target of the guest mode login link when requesting the login page, if guest logins were explicitly enabled.

The release also incorporates several improvements from the development branch of OpenVAS. Please see below for a comprehensive list of changes.

Many thanks to everyone who contributed to this release: Matthew Mundell and Timo Pollmeier.