Lucene search
Redhat.comRH:CVE-2016-6209HistoryJul 14, 2016 - 12:48 a.m.
CVE-2016-6209
2016-07-1400:48:14
redhat.com
access.redhat.com
10
0.001 Low
EPSS
Percentile
35.0%
A user supplied GET parameter is used to create the value used as the src value of an iframe displayed on all pages. It allows for CSRF and javascript insertion techniques among others. An attacker could forge a malicious URL that could include javascript execution in the main browser frame context, force the target to view a malicious web page (client side) or take advantage of concurrent cookies / sessions and perform a CSRF attack against other openstack components such as horizon.
Related
cvelist
cvelist
CVE-2016-6209
2017-03-31 15:00:00
ubuntucve
ubuntucve
CVE-2016-6209
2017-03-31 00:00:00
debiancve
debiancve
CVE-2016-6209
2017-03-31 16:59:00
prion
prion
Cross site scripting
2017-03-31 16:59:00
openvas
openvas
Nagios 'corewindow' Parameter Cross-Site Scripting Vulnerability
2017-04-13 00:00:00
openSUSE: Security Advisory for nagios (openSUSE-SU-2021:0715-1)
2021-05-13 00:00:00
Fedora Update for nagios FEDORA-2017-d270e932a3
2017-11-23 00:00:00
cve
cve
CVE-2016-6209
2017-03-31 16:59:00
nvd
nvd
CVE-2016-6209
2017-03-31 16:59:00
suse
suse
Security update for nagios (important)
2021-05-12 00:00:00
Security update for nagios (important)
2021-05-16 00:00:00
nessus
nessus
RHEL 7 : nagios (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 7 : nagios (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 6 : nagios (Unpatched Vulnerability)
2024-05-11 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: nagios-4.3.4-3.fc27
2017-11-15 17:56:42