OSSIM Cross-Site Scripting and SQL Injection Vulnerabilities
Description
Multiple vulnerabilities have been discovered in OSSIM, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
1) Input passed via the "scan_server" and "targets" GET parameters to ossim/vulnmeter/simulate.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Input passed via the "date_from" GET parameter to multiple scripts is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
List of affected scripts:
<a href="http://[host]/RadarReport/radar-iso27001-potential.php
" target="_blank">http://[host]/RadarReport/radar-iso27001-potential.php
</a>
<a href="http://[host]/RadarReport/radar-iso27001-A12IS_acquisition-pot.php
" target="_blank">http://[host]/RadarReport/radar-...1-A12IS_acquisition-pot.php
</a>
<a href="http://[host]/RadarReport/radar-iso27001-A11AccessControl-pot.php
" target="_blank">http://[host]/RadarReport/radar-...01-A11AccessControl-pot.php
</a>
<a href="http://[host]/RadarReport/radar-iso27001-A10Com_OP_Mgnt-pot.php
" target="_blank">http://[host]/RadarReport/radar-...7001-A10Com_OP_Mgnt-pot.php
</a>
<a href="http://[host]/RadarReport/radar-pci-potential.php
" target="_blank">http://[host]/RadarReport/radar-pci-potential.php
</a>
The vulnerabilities are confirmed in version 4.3.0. Other versions may also be affected.
Vulnerable Products
Vulnerable Software: OSSIM (AlienVault Open Source SIM) 4.x
