CVE-2012-3835
Alienvault Open Source Security Information Management - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Stefan Schurtz · textwebappsphp
https://www.exploit-db.com/exploits/18800
References (6)
Core 6
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53331
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/18800
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49005
Exploit x_refsource_misc
http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt
Exploit x_refsource_misc
http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75297
Scores
EPSS
0.2664
EPSS Percentile
96.4%
Details
CWE
CWE-79
Status
published
Products (1)
alienvault/open_source_security_information_management
3.1
Published
Jul 03, 2012
Tracked Since
Feb 18, 2026