CVE-2016-8581

Name of the Vulnerable Software and Affected Versions AlienVault OSSIM and USM versions prior to 5.3.2

Description A persistent XSS issue exists in the login process, specifically in the User-Agent header, allowing an attacker to steal session IDs of logged-in users when an administrator views current sessions.

Recommendations For versions prior to 5.3.2, update to version 5.3.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the login process and session viewing functionality to minimize the risk of exploitation.