Vulnerabilities (CVE)

Filtered by vendor Open Source Security Information Management Subscribe
Filtered by product Os-sim
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-0920 1 Open Source Security Information Management 1 Os-sim 2024-11-21 6.5 MEDIUM N/A
SQL injection vulnerability in port/modifyportform.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 allows remote authenticated users to execute arbitrary SQL commands via the portname parameter, which is not properly handled by a validation regular expression.
CVE-2008-0919 1 Open Source Security Information Management 1 Os-sim 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in session/login.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 and earlier allows remote attackers to inject arbitrary web script or HTML via the dest parameter.