2 matches found
CVE-2008-0919
CVE-2008-0919 affects OSSIM (Open Source Security Information Management) up to version 0.9.9 RC5, where the dest parameter of session/login.php is not sanitized. This XSS vulnerability allows an unauthenticated attacker to inject arbitrary HTML/JavaScript that could execute in the victim’s brows...
CVE-2008-0920
CVE-2008-0920 describes an SQL injection in OSSIM 0.9.9 rc5, specifically in port/modifyportform.php where the portname parameter is not adequately validated by a regex. This allows remote authenticated users to execute arbitrary SQL commands. The description details that the vulnerability affect...