CVE-2008-0919

Open Source Security Information Management Os-sim - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in session/login.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 and earlier allows remote attackers to inject arbitrary web script or HTML via the dest parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Marcin Kopec · textwebappsphp
https://www.exploit-db.com/exploits/5171

References (8)

Scores

EPSS 0.0720
EPSS Percentile 91.5%

Classification

CWE
CWE-79
Status draft

Affected Products (25)

open_source_security_information_management/os-sim
open_source_security_information_management/os-sim
open_source_security_information_management/os-sim
open_source_security_information_management/os-sim
open_source_security_information_management/os-sim
open_source_security_information_management/os-sim
open_source_security_information_management/os-sim
open_source_security_information_management/os-sim
open_source_security_information_management/os-sim
open_source_security_information_management/os-sim
open_source_security_information_management/os-sim
open_source_security_information_management/os-sim
open_source_security_information_management/os-sim
open_source_security_information_management/os-sim
open_source_security_information_management/os-sim
... and 10 more

Timeline

Published Feb 22, 2008
Tracked Since Feb 18, 2026