An injection vulnerability has been found in OSSIM. The “dest” parameter in the PHP based login page is not adequately sanitized. This can lead to Cross Site Scripting attacks or even SQL injection. The original advisory can be found at:http://www.milw0rm.com/exploits/5171
Open Source Security Information Management vuln
Reply