
5 matches found

Exploit DB
added 2016/11/02 12:0 a.m., 33 views

Alienvault OSSIM/USM 5.3.1 - Persistent Cross-Site Scripting

Details ======= Product: Alienvault OSSIM/USM Vulnerability: Stored XSS Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8581 CVSS: 3.5 Vulnerable Versions: Current Sessions. POC === The POC uses jQuery to send all session IDs on the "Current Sessions" page to an arbitrary site Google, in this...

6.1 CVSS, 6.5 AI score, 0.17058 EPSS
Exploits: 5
0day.today
added 2016/11/02 12:0 a.m., 53 views

Alienvault OSSIM/USM 5.3.1 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Details ======= Product: Alienvault OSSIM/USM Vulnerability: Stored XSS Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8581 CVSS: 3.5 Vulnerable Versions: Current Sessions. POC === The POC uses jQuery to send all session IDs on the "Curre...

4.3 CVSS, 6.4 AI score, 0.17058 EPSS
Exploits: 5
Packet Storm
added 2016/11/02 12:0 a.m., 29 views

Alienvault OSSIM/USM 5.3.1 Persistent Cross Site Scripting

Details ======= Product: Alienvault OSSIM/USM Vulnerability: Stored XSS Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8581 CVSS: 3.5 Vulnerable Versions: Current Sessions. POC === The POC uses jQuery to send all session IDs on the "Current Sessions" page to an arbitrary site Google, in this...

4.3 CVSS, 6.3 AI score, 0.17058 EPSS
Exploits: 5
exploitpack
added 2016/11/02 12:0 a.m., 36 views

Alienvault OSSIMUSM 5.3.1 - Persistent Cross-Site Scripting

Alienvault OSSIMUSM 5.3.1 - Persistent Cross-Site Scripting Details ======= Product: Alienvault OSSIM/USM Vulnerability: Stored XSS Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8581 CVSS: 3.5 Vulnerable Versions: Current Sessions. POC === The POC uses jQuery to send all session IDs on the...

4.3 CVSS, 0.2 AI score, 0.17058 EPSS
Exploits: 5
CVE
added 2016/10/28 3:0 p.m., 57 views

CVE-2016-8581

CVE-2016-8581 is a stored XSS vulnerability in the User-Agent header of the login process of AlienVault OSSIM/USM up to version 5.3.1, allowing an attacker to steal session IDs when an admin views current sessions. Root cause: improper handling of the User-Agent header enabling script injection. ...

6.1 CVSS, 5.9 AI score, 0.17058 EPSS
Exploits: 5, References: 3, Affected Software: 2