Vulnerability Details : CVE-2016-8581
Public exploit exists!
A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2016-8581
Probability of exploitation activity in the next 30 days: 0.49%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 73 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2016-8581
-
AlienVault OSSIM SQL Injection and Remote Code Execution
Disclosure Date: 2014-04-24First seen: 2020-04-26exploit/linux/http/alienvault_sqli_execThis module exploits an unauthenticated SQL injection vulnerability affecting AlienVault OSSIM versions 4.3.1 and lower. The SQL injection issue can be abused in order to retrieve an active admin session ID. If an administrator level user is identified, remote code executio
CVSS scores for CVE-2016-8581
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
6.1
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
2.8
|
2.7
|
NIST |
CWE ids for CVE-2016-8581
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-8581
-
http://www.securityfocus.com/bid/93862
Alienvault OSSIM/USM CVE-2016-8581 HTML Injection Vulnerability
-
https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities
Security Advisory - AlienVault 5.3.2 address 70 vulnerabilities | AT&T CybersecurityVendor Advisory
-
https://www.exploit-db.com/exploits/40683/
Alienvault OSSIM/USM 5.3.1 - Persistent Cross-Site Scripting
Products affected by CVE-2016-8581
- cpe:2.3:a:alienvault:unified_security_management:*:*:*:*:*:*:*:*
- Alienvault » Open Source Security Information And Event ManagementVersions up to, including, (<=) 5.3.1cpe:2.3:a:alienvault:open_source_security_information_and_event_management:*:*:*:*:*:*:*:*