Details ======= Product: Alienvault OSSIM/USM Vulnerability: Reflected XSS Author: Peter Lapp, lappsec () gmail com CVE: CVE-2016-8583 Vulnerable Versions: <=5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== Multiple GET parameters in the vulnerability scan scheduler of OSSIM/USM before 5.3.2 are vulnerable to reflected XSS. The parameters include jobname, timeout, sched_id, and targets[] in /ossim/vulnmeter/sched.php. POC === Example payload is: ">
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment