CVE-2008-0919

OSSIM <= 0.9.9 rc5 - Cross-Site Scripting via Login Page Dest Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0919. PoCs published by Marcin Kopec.

AI-analyzed exploit summary: The document describes SQL injection and XSS vulnerabilities in OSSIM 0.9.9rc5, providing specific exploit URLs and technical details about the flaws. It includes proof-of-concept payloads for both vulnerabilities.

Description

Cross-site scripting (XSS) vulnerability in session/login.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 and earlier allows remote attackers to inject arbitrary web script or HTML via the dest parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Marcin Kopec · text · webapps · php
https://www.exploit-db.com/exploits/5171


Classification: Writeup 90%
Attack Type: SQLi | XSS
Complexity: Trivial
Reliability: Reliable
Target: OSSIM 0.9.9rc5
No auth needed
Prerequisites: Access to the OSSIM web interface
devstral-2 · analyzed Feb 18, 2026

References (8)

Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3689
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488617/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488697/100/0/threaded
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27929
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5171
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/42006
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488450/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29046

Scores

EPSS 0.0375
EPSS Percentile 88.5%

Details

CWE: CWE-79
Status published
Products (25)
open_source_security_information_management/os-sim 0.1alpha
open_source_security_information_management/os-sim 0.2alpha
open_source_security_information_management/os-sim 0.3.1alpha
open_source_security_information_management/os-sim 0.3alpha
open_source_security_information_management/os-sim 0.5.1
open_source_security_information_management/os-sim 0.5.2
open_source_security_information_management/os-sim 0.6
open_source_security_information_management/os-sim 0.6.2
open_source_security_information_management/os-sim 0.6.3
open_source_security_information_management/os-sim 0.7
... and 15 more
Published Feb 22, 2008
Tracked Since Feb 18, 2026