Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-5300

Опубликовано: 15 авг. 2013
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via the withoutmenu parameter to (1) vulnmeter/index.php or (2) vulnmeter/sched.php; the (3) section parameter to av_inventory/task_edit.php; the (4) profile parameter to nfsen/rrdgraph.php; or the (5) scan_server or (6) targets parameter to vulnmeter/simulate.php.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:alienvault:open_source_security_information_management:*:*:*:*:*:*:*:*
Версия до 4.2.3 (включая)
cpe:2.3:a:alienvault:open_source_security_information_management:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:alienvault:open_source_security_information_management:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:alienvault:open_source_security_information_management:2.1:*:*:*:*:*:*:*
cpe:2.3:a:alienvault:open_source_security_information_management:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-1:*:*:*:*:*:*:*
cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-2:*:*:*:*:*:*:*
cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-3:*:*:*:*:*:*:*
cpe:2.3:a:alienvault:open_source_security_information_management:3.1:*:*:*:*:*:*:*
cpe:2.3:a:alienvault:open_source_security_information_management:3.1.9:*:*:*:*:*:*:*
cpe:2.3:a:alienvault:open_source_security_information_management:3.1.10:*:*:*:*:*:*:*
cpe:2.3:a:alienvault:open_source_security_information_management:3.1.12:*:*:*:*:*:*:*
cpe:2.3:a:alienvault:open_source_security_information_management:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:alienvault:open_source_security_information_management:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:alienvault:open_source_security_information_management:4.1:*:*:*:*:*:*:*
cpe:2.3:a:alienvault:open_source_security_information_management:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:alienvault:open_source_security_information_management:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:alienvault:open_source_security_information_management:4.2:*:*:*:*:*:*:*
cpe:2.3:a:alienvault:open_source_security_information_management:4.2.2:*:*:*:*:*:*:*

EPSS

Процентиль: 71%
0.00686
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

github логотип

GHSA-fr4p-9696-xcx8

github
больше 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via the withoutmenu parameter to (1) vulnmeter/index.php or (2) vulnmeter/sched.php; the (3) section parameter to av_inventory/task_edit.php; the (4) profile parameter to nfsen/rrdgraph.php; or the (5) scan_server or (6) targets parameter to vulnmeter/simulate.php.

EPSS

Процентиль: 71%
0.00686
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79