Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormPeter LappPACKETSTORM:139485
HistoryNov 02, 2016 - 12:00 a.m.

Alienvault OSSIM/USM 5.3.1 Cross Site Scripting

2016-11-0200:00:00
Peter Lapp
packetstormsecurity.com
23

0.001 Low

EPSS

Percentile

36.6%

JSON
`Details  
=======  
  
Product: Alienvault OSSIM/USM  
Vulnerability: Reflected XSS  
Author: Peter Lapp, lappsec () gmail com  
CVE: CVE-2016-8583  
Vulnerable Versions: <=5.3.1  
Fixed Version: 5.3.2  
  
  
  
Vulnerability Details  
=====================  
  
Multiple GET parameters in the vulnerability scan scheduler of  
OSSIM/USM before 5.3.2 are vulnerable to reflected XSS. The parameters  
include jobname, timeout, sched_id, and targets[] in  
/ossim/vulnmeter/sched.php.  
  
  
  
POC  
===  
  
Example payload is: "><body+onpageshow%3d"alert(0)  
For the targets[] param the payload is slightly different.  
  
  
  
Timeline  
========  
  
08/03/16 - Reported to Vendor  
10/03/16 - Fixed in version 5.3.2  
  
  
  
References  
==========  
  
https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities  
  
  
`

Related

nvd 1
cve 1
prion 1
cvelist 1
nvd
nvd
CVE-2016-8583
2016-10-28 15:59:07
cve
cve
CVE-2016-8583
2016-10-28 15:59:07
prion
prion
Cross site scripting
2016-10-28 15:59:00
cvelist
cvelist
CVE-2016-8583
2016-10-28 15:00:00

0.001 Low

EPSS

Percentile

36.6%

JSON
Related for PACKETSTORM:139485
nvd1cve1prion1cvelist1