EIP-2026-110399
PRE-CVEOSSIM 2.2.1 - '$_SERVER['PHP_SELF']' Cross-Site Scripting
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-110399. PoCs published by CONIX Security.
AI-analyzed exploit summary The exploit demonstrates a cross-site scripting (XSS) vulnerability in OSSIM 2.2.1 by injecting malicious JavaScript via unsanitized user input in the alarm_console.php page. The PoC includes two example URLs with payloads that trigger arbitrary script execution in the context of the affected site.
Description
OSSIM 2.2.1 - '$_SERVER['PHP_SELF']' Cross-Site Scripting
Exploits (1)
The exploit demonstrates a cross-site scripting (XSS) vulnerability in OSSIM 2.2.1 by injecting malicious JavaScript via unsanitized user input in the alarm_console.php page. The PoC includes two example URLs with payloads that trigger arbitrary script execution in the context of the affected site.