PT-2012-5031 · Alienvault · Alienvault Ossim
Stefan Schurtz · Published 2012-07-03 · Updated 2020-02-20 · CVE-2012-3835
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
AlienVault Open Source Security Information Management (OSSIM) version 3.1
Description
The issue allows remote attackers to inject arbitrary web script or HTML via specific parameters, including the url parameter to "top.php" or the time[0][0] parameter to "forensics/base_qry_main.php". This occurs because the parameters are not properly handled in an error page, leading to potential cross-site scripting (XSS) attacks.
Recommendations
For AlienVault Open Source Security Information Management (OSSIM) version 3.1, consider restricting access to the "top.php" and "forensics/base_qry_main.php" pages until a proper fix is applied, and avoid using the url and time[0][0] parameters in these pages to minimize the risk of exploitation.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Alienvault Ossim