Описание
A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.3.1 (включая)Версия до 5.3.1 (включая)
Одно из
cpe:2.3:a:alienvault:open_source_security_information_and_event_management:*:*:*:*:*:*:*:*
cpe:2.3:a:alienvault:unified_security_management:*:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.68151
Средний
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator.
EPSS
Процентиль: 99%
0.68151
Средний
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79