CVE-2009-3440

OSSIM < 2.1.2 - Cross-Site Scripting via Option Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3440. PoCs published by Alexey Sintsov.

AI-analyzed exploit summary This advisory details multiple SQL injection, XSS, and unauthorized access vulnerabilities in OSSIM versions 2.1 and 2.1.1. It provides specific vulnerable scripts, parameters, and example exploit URLs, along with mitigation guidance.

Description

Cross-site scripting (XSS) vulnerability in Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the option parameter to the default URI (aka the main menu).

Exploits (1)

exploitdb WRITEUP VERIFIED
by Alexey Sintsov · textwebappsphp
https://www.exploit-db.com/exploits/9828

This advisory details multiple SQL injection, XSS, and unauthorized access vulnerabilities in OSSIM versions 2.1 and 2.1.1. It provides specific vulnerable scripts, parameters, and example exploit URLs, along with mitigation guidance.

Classification
Writeup 95%
Attack Type
Sqli | Xss | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: OSSIM 2.1 and 2.1.1
Auth required
Prerequisites: Network access to OSSIM server · Valid credentials for authenticated SQLi exploits
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36504
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36867
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/506663/100/0/threaded

Scores

EPSS 0.0145
EPSS Percentile 70.0%

Details

CWE
CWE-79
Status published
Products (3)
alienvault/ossim 1.0.4
alienvault/ossim 1.0.6
alienvault/ossim < 2.1
Published Sep 28, 2009
Tracked Since Feb 18, 2026