CVE-2013-5300

EUVD-2013-5140
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via the withoutmenu parameter to (1) vulnmeter/index.php or (2) vulnmeter/sched.php; the (3) section parameter to av_inventory/task_edit.php; the (4) profile parameter to nfsen/rrdgraph.php; or the (5) scan_server or (6) targets parameter to vulnmeter/simulate.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
Affected Products (NVD)
VendorProductVersion
alienvaultopen_source_security_information_management
𝑥
≤ 4.2.3
alienvaultopen_source_security_information_management
1.0.4
alienvaultopen_source_security_information_management
1.0.6
alienvaultopen_source_security_information_management
2.1
alienvaultopen_source_security_information_management
2.1.2
alienvaultopen_source_security_information_management
2.1.5
alienvaultopen_source_security_information_management
2.1.5-1
alienvaultopen_source_security_information_management
2.1.5-2
alienvaultopen_source_security_information_management
2.1.5-3
alienvaultopen_source_security_information_management
3.1
alienvaultopen_source_security_information_management
3.1.9
alienvaultopen_source_security_information_management
3.1.10
alienvaultopen_source_security_information_management
3.1.12
alienvaultopen_source_security_information_management
4.0.3
alienvaultopen_source_security_information_management
4.0.4
alienvaultopen_source_security_information_management
4.1
alienvaultopen_source_security_information_management
4.1.2
alienvaultopen_source_security_information_management
4.1.3
alienvaultopen_source_security_information_management
4.2
alienvaultopen_source_security_information_management
4.2.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://forums.alienvault.com/discussion/1609/patch-release-4-3-1
http://packetstormsecurity.com/files/122547/Alienvault-OSSIM-Cross-Site-Scripting.html
http://secunia.com/advisories/54264
http://secunia.com/advisories/54287
http://www.osvdb.org/show/osvdb/95813
http://www.osvdb.org/show/osvdb/95814
http://www.osvdb.org/show/osvdb/95816
http://www.osvdb.org/show/osvdb/95817
http://www.osvdb.org/show/osvdb/95818
http://www.securityfocus.com/bid/61456
https://exchange.xforce.ibmcloud.com/vulnerabilities/85994
http://forums.alienvault.com/discussion/1609/patch-release-4-3-1
http://packetstormsecurity.com/files/122547/Alienvault-OSSIM-Cross-Site-Scripting.html
http://secunia.com/advisories/54264
http://secunia.com/advisories/54287
http://www.osvdb.org/show/osvdb/95813
http://www.osvdb.org/show/osvdb/95814
http://www.osvdb.org/show/osvdb/95816
http://www.osvdb.org/show/osvdb/95817
http://www.osvdb.org/show/osvdb/95818
http://www.securityfocus.com/bid/61456
https://exchange.xforce.ibmcloud.com/vulnerabilities/85994