CVE-2013-5300

2013-08-1520:00:00

mitre

www.cve.org

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

69.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via the withoutmenu parameter to (1) vulnmeter/index.php or (2) vulnmeter/sched.php; the (3) section parameter to av_inventory/task_edit.php; the (4) profile parameter to nfsen/rrdgraph.php; or the (5) scan_server or (6) targets parameter to vulnmeter/simulate.php.

References

forums.alienvault.com/discussion/1609/patch-release-4-3-1

packetstormsecurity.com/files/122547/Alienvault-OSSIM-Cross-Site-Scripting.html

secunia.com/advisories/54264

secunia.com/advisories/54287

www.osvdb.org/show/osvdb/95813

www.osvdb.org/show/osvdb/95814

www.osvdb.org/show/osvdb/95816

www.osvdb.org/show/osvdb/95817

www.osvdb.org/show/osvdb/95818

www.securityfocus.com/bid/61456

exchange.xforce.ibmcloud.com/vulnerabilities/85994