CVE-2009-3440

EUVD-2009-3422
Cross-site scripting (XSS) vulnerability in Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the option parameter to the default URI (aka the main menu).
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
Affected Products (NVD)
VendorProductVersion
alienvaultossim
𝑥
≤ 2.1
alienvaultossim
1.0.4
alienvaultossim
1.0.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://dsecrg.com/pages/vul/show.php?id=155
http://secunia.com/advisories/36867
http://www.securityfocus.com/archive/1/506663/100/0/threaded
http://www.securityfocus.com/bid/36504
http://dsecrg.com/pages/vul/show.php?id=155
http://secunia.com/advisories/36867
http://www.securityfocus.com/archive/1/506663/100/0/threaded
http://www.securityfocus.com/bid/36504