AlienVault Open Source SIEM (OSSIM) SQL Injection and Cross Site Scripting Vulnerabilities

AlienVault Open Source SIEM (OSSIM) SQL Injection and Cross Site Scripting Vulnerabilities

Open Source SIEM (OSSIM) is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability.

Exploiting these vulnerabilities could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Open Source SIEM (OSSIM) 3.1 is vulnerable; other versions may also be affected.