CVE-2012-3835 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php which is not properly handled in an error page.

Reference

http://secunia.com/advisories/49005 http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html http://www.exploit-db.com/exploits/18800 http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt http://www.securityfocus.com/bid/53331 https://exchange.xforce.ibmcloud.com/vulnerabilities/75297 Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php which is not properly handled in an error page.