securityvulns - SECURITYVULNS:DOC:23497
Mar 31, 2010 - 12:00 a.m.

Multiple XSS vulnerabilities in OSSIM 2.2.1


================== Summary ==================

Multiple XSS vulnerabilities in OSSIM 2.2.1

Discovered by: CONIX Security (www.conix.fr)
Public Release Date: 3/31/2010
Vendor: Alienvault (www.alienvault.com)
Fixed: Yes (3/30/2010)

============= Technical Details =============

  1. An attacker can redirect a victim to a malicious website by getting them to open a crafted URL,
    through social engineering or phishing:

Example:

The top links will then point to http://www.attacker.com

  2. All pages that contain the variable $_SERVER['PHP_SELF'] are vulnerable to XSS:

Examples:
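
Added illustration, not taken from the advisory or from OSSIM's code: why echoing $_SERVER['PHP_SELF'] is unsafe and two ways to correct it. The script path, the form markup, the function names and the request are constructed for this sketch; it assumes the usual web-server behaviour where PHP_SELF is SCRIPT_NAME followed by the client-supplied PATH_INFO.

```php
<?php
// Added example: the PHP_SELF pattern next to two corrected forms.
// All names and the sample request are hypothetical, built for illustration.

/** Vulnerable pattern: PHP_SELF carries PATH_INFO, which the client controls. */
function form_vulnerable(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

/** Fix 1: encode the value for an HTML attribute context before output. */
function form_encoded(array $server): string
{
    $self = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $self . '">';
}

/** Fix 2: use SCRIPT_NAME, which excludes PATH_INFO, and still encode it. */
function form_script_name(array $server): string
{
    $self = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $self . '">';
}

// Constructed request: GET /app/page.php/"><em>marker</em>
// The server splits it into the script path and the trailing path info.
$server = [
    'SCRIPT_NAME' => '/app/page.php',
    'PATH_INFO'   => '/"><em>marker</em>',
];
$server['PHP_SELF'] = $server['SCRIPT_NAME'] . $server['PATH_INFO'];

foreach (['form_vulnerable', 'form_encoded', 'form_script_name'] as $fn) {
    $html = $fn($server);
    // If the raw marker survives, the attribute was closed and markup injected.
    $injected = strpos($html, '"><em>') !== false;
    printf("%-17s %-9s %s\n", $fn, $injected ? 'INJECTED' : 'safe', $html);
}
```

Run it with the PHP command-line interpreter; only the first function lets the harmless `<em>` marker escape the `action` attribute, which is the condition a code review or grep for unencoded `PHP_SELF` output should flag.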