Lucene search
K
AlienvaultOpen Source Security Information And Event Management

5 matches found

CVE
CVE
added 2016/10/28 3:0 p.m.62 views

CVE-2016-8581

CVE-2016-8581 is a stored XSS vulnerability in the User-Agent header of the login process of AlienVault OSSIM/USM up to version 5.3.1, allowing an attacker to steal session IDs when an admin views current sessions. Root cause: improper handling of the User-Agent header enabling script injection. ...

6.1CVSS5.9AI score0.17058EPSS
CVE
CVE
added 2016/10/28 3:0 p.m.53 views

CVE-2016-8580

Summary (concrete details): AlienVault OSSIM/USM before 5.3.2 is affected by a PHP object injection vulnerability caused by unsafe unserialize() usage in multiple widgets (flow_chart.php, gauge.php, honeypot.php, image.php, inventory.php, otx.php, rss.php, security.php, siem.php, taxonomy.php, ti...

9.8CVSS10AI score0.06861EPSS
Web
CVE
CVE
added 2016/10/28 3:0 p.m.52 views

CVE-2016-8582

Summary of CVE-2016-8582 : A SQL injection vulnerability exists in the gauge.php component of AlienVault OSSIM/USM prior to 5.3.2. The flaw is triggered in the value parameter of /ossim/dashboard/sections/widgets/data/gauge.php, where a serialized array can carry a SQL query in the type field, en...

9.8CVSS9.2AI score0.57425EPSS
Web
CVE
CVE
added 2016/09/26 4:0 p.m.51 views

CVE-2016-6913

CVE-2016-6913 affects AlienVault OSSIM/USM prior to 5.3. The vulnerability is a DOM-based Cross‑Site Scripting (XSS) that lets an attacker inject arbitrary script or HTML via the back parameter to ossim/conf/reload.php. Public‑facing details in the provided documents confirm the affected product/...

5.4CVSS5.4AI score0.0092EPSS
Web
CVE
CVE
added 2016/10/28 3:0 p.m.39 views

CVE-2016-8583

CVE-2016-8583 affects AlienVault OSSIM/USM prior to version 5.3.2. The vulnerability is a reflected XSS in the vulnerability scan scheduler where multiple GET parameters (e.g., jobname, timeout, sched_id, targets[]) in /ossim/vulnmeter/sched.php can reflect attacker-supplied input. The issue stem...

6.1CVSS6.2AI score0.00641EPSS
Web