5 matches found
CVE-2016-8581
CVE-2016-8581 is a stored XSS vulnerability in the User-Agent header of the login process of AlienVault OSSIM/USM up to version 5.3.1, allowing an attacker to steal session IDs when an admin views current sessions. Root cause: improper handling of the User-Agent header enabling script injection. ...
CVE-2016-8580
Summary (concrete details): AlienVault OSSIM/USM before 5.3.2 is affected by a PHP object injection vulnerability caused by unsafe unserialize() usage in multiple widgets (flow_chart.php, gauge.php, honeypot.php, image.php, inventory.php, otx.php, rss.php, security.php, siem.php, taxonomy.php, ti...
CVE-2016-8582
Summary of CVE-2016-8582 : A SQL injection vulnerability exists in the gauge.php component of AlienVault OSSIM/USM prior to 5.3.2. The flaw is triggered in the value parameter of /ossim/dashboard/sections/widgets/data/gauge.php, where a serialized array can carry a SQL query in the type field, en...
CVE-2016-6913
CVE-2016-6913 affects AlienVault OSSIM/USM prior to 5.3. The vulnerability is a DOM-based Cross‑Site Scripting (XSS) that lets an attacker inject arbitrary script or HTML via the back parameter to ossim/conf/reload.php. Public‑facing details in the provided documents confirm the affected product/...
CVE-2016-8583
CVE-2016-8583 affects AlienVault OSSIM/USM prior to version 5.3.2. The vulnerability is a reflected XSS in the vulnerability scan scheduler where multiple GET parameters (e.g., jobname, timeout, sched_id, targets[]) in /ossim/vulnmeter/sched.php can reflect attacker-supplied input. The issue stem...