Ubuntu.comUB:CVE-2012-3835CVE-2012-3835
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
80.4%
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open
Source Security Information Management (OSSIM) 3.1 allow remote attackers
to inject arbitrary web script or HTML via the (1) url parameter to top.php
or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not
properly handled in an error page.
Notes
| Author | Note |
|---|---|
| msalvatore | OSSIM is not Open Source Software Image Map |
References
secunia.com/advisories/49005
www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html
www.exploit-db.com/exploits/18800
www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt
xforce.iss.net/xforce/xfdb/75297
launchpad.net/bugs/cve/CVE-2012-3835
nvd.nist.gov/vuln/detail/CVE-2012-3835
security-tracker.debian.org/tracker/CVE-2012-3835
www.cve.org/CVERecord?id=CVE-2012-3835
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
80.4%