CVE-2016-9605: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 13, 2022 (updated July 28, 2023)

A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading the arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation.

References

bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9605
github.com/advisories/GHSA-4vc9-4xpq-77vm
nvd.nist.gov/vuln/detail/CVE-2016-9605

Code Behaviors & Features

Detect and mitigate CVE-2016-9605 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →