CVE-2012-3835
N/A
N/A
Summary
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/53331
- http://www.exploit-db.com/exploits/18800
- http://secunia.com/advisories/49005
- http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt
- http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75297
References
- http://www.securityfocus.com/bid/53331
- http://www.exploit-db.com/exploits/18800
- http://secunia.com/advisories/49005
- http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt
- http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75297
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.