CVE-2012-3835

Alienvault Open Source Security Information Management - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Stefan Schurtz · textwebappsphp
https://www.exploit-db.com/exploits/18800
exploitdb WORKING POC VERIFIED
by muts · pythonwebappsphp
https://www.exploit-db.com/exploits/20062

References (6)

Scores

EPSS 0.2664
EPSS Percentile 96.3%

Classification

CWE
CWE-79
Status published

Affected Products (2)

alienvault/open_source_security_information_management
n/a/n/a

Timeline

Published Jul 03, 2012
Tracked Since Feb 18, 2026