CVE-2012-3835

{"id": "CVE-2012-3835", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-07-03T22:55:02.710", "references": [{"url": "http://secunia.com/advisories/49005", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/18800", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/53331", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75297", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en AlienVault Open Source Security Information Management (OSSIM) v3.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de los par\u00e1metros (1) url en top.php o (2) time[0][0] en forensics/base_qry_main.php, que no es manejada adecuadamente en la p\u00e1gina de error."}], "lastModified": "2017-08-29T01:32:06.197", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3ABC1EE-3E54-48AF-95C1-ED9790527545"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}