Vulnerabilities > Alienvault > Unified Security Management

DATE CVE VULNERABILITY TITLE RISK
2016-09-26 CVE-2016-6913 Cross-site Scripting vulnerability in Alienvault products
Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via the back parameter to ossim/conf/reload.php.
network
alienvault CWE-79
3.5
2015-05-01 CVE-2015-3446 Code Injection vulnerability in Alienvault Unified Security Management 4.14
The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg).
network
alienvault CWE-94
critical
9.3