A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/93862 - | |
References | () https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities - Vendor Advisory | |
References | () https://www.exploit-db.com/exploits/40683/ - |
Information
Published : 2016-10-28 15:59
Updated : 2024-11-21 02:59
NVD link : CVE-2016-8581
Mitre link : CVE-2016-8581
CVE.ORG link : CVE-2016-8581
JSON object : View
Products Affected
alienvault
- unified_security_management
- open_source_security_information_and_event_management
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')