Vulnerability Details CVE-2016-8581
A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.664
EPSS Ranking 98.4%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/bid/93862
- https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities
- https://www.exploit-db.com/exploits/40683/
- http://www.securityfocus.com/bid/93862
- https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities
- https://www.exploit-db.com/exploits/40683/
Products affected by CVE-2016-8581
-
cpe:2.3:a:alienvault:open_source_security_information_and_event_management:5.2
-
cpe:2.3:a:alienvault:open_source_security_information_and_event_management:5.3.1
-
cpe:2.3:a:alienvault:unified_security_management:4.14
-
cpe:2.3:a:alienvault:unified_security_management:5.2
-
cpe:2.3:a:alienvault:unified_security_management:5.3
-
cpe:2.3:a:alienvault:unified_security_management:5.3.1