CVE-2012-3835
Published: 3 July 2012
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page.
Notes
Author | Note |
---|---|
msalvatore | OSSIM is not Open Source Software Image Map |
Priority
Status
Package | Release | Status |
---|---|---|
ossim (Launchpad, Ubuntu, Debian) | artful | Ignored (end of life) |
ossim | bionic | Not vulnerable |
ossim | cosmic | Not vulnerable |
ossim | hardy | Does not exist |
ossim | lucid | Ignored (end of life) |
ossim | natty | Ignored (end of life) |
ossim | oneiric | Ignored (end of life) |
ossim | precise | Ignored (end of life) |
ossim | quantal | Ignored (end of life) |
ossim | raring | Ignored (end of life) |
ossim | saucy | Ignored (end of life) |
ossim | trusty | Does not exist (trusty was not-affected) |
ossim | upstream | Needs triage |
ossim | utopic | Ignored (end of life) |
ossim | vivid | Ignored (end of life) |
ossim | wily | Ignored (end of life) |
ossim | xenial | Not vulnerable |
ossim | yakkety | Ignored (end of life) |
ossim | zesty | Ignored (end of life) |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3835
- http://xforce.iss.net/xforce/xfdb/75297
- http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt
- http://www.exploit-db.com/exploits/18800
- http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html
- http://secunia.com/advisories/49005
- NVD
- Launchpad
- Debian