Alienvault OSSIM/USM 5.3.1 Cross Site Scripting

Details ======= Product: Alienvault OSSIM/USM Vulnerability: Reflected XSS Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8583 Vulnerable Versions: body+onpageshow%3d"alert0 For the targets param the payload is slightly different. Timeline ======== 08/03/16 - Reported to Vendor 10/03/16 -...

CVE-2016-8583

CVE-2016-8583 affects AlienVault OSSIM/USM prior to version 5.3.2. The vulnerability is a reflected XSS in the vulnerability scan scheduler where multiple GET parameters (e.g., jobname, timeout, sched_id, targets[]) in /ossim/vulnmeter/sched.php can reflect attacker-supplied input. The issue stem...