Description
Cross-site scripting (XSS) vulnerability in session/login.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 and earlier allows remote attackers to inject arbitrary web script or HTML via the dest parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Marcin Kopec · text · webapps · php
https://www.exploit-db.com/exploits/5171
References (8)
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3689
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488617/100/0/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488697/100/0/threaded
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27929
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/5171
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/42006
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488450/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29046
Scores
EPSS
0.0720
EPSS Percentile
91.6%
Details
CWE
CWE-79
Status
published
Products (25)
open_source_security_information_management/os-sim
0.1alpha
open_source_security_information_management/os-sim
0.2alpha
open_source_security_information_management/os-sim
0.3.1alpha
open_source_security_information_management/os-sim
0.3alpha
open_source_security_information_management/os-sim
0.5.1
open_source_security_information_management/os-sim
0.5.2
open_source_security_information_management/os-sim
0.6
open_source_security_information_management/os-sim
0.6.2
open_source_security_information_management/os-sim
0.6.3
open_source_security_information_management/os-sim
0.7
... and 15 more
Published
Feb 22, 2008
Tracked Since
Feb 18, 2026