Vulnerabilities > Open Source Security Information Management

DATE CVE VULNERABILITY TITLE RISK
2008-02-22 CVE-2008-0920 SQL Injection vulnerability in Open Source Security Information Management Os-Sim
SQL injection vulnerability in port/modifyportform.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 allows remote authenticated users to execute arbitrary SQL commands via the portname parameter, which is not properly handled by a validation regular expression.
6.5
2008-02-22 CVE-2008-0919 Cross-Site Scripting vulnerability in Open Source Security Information Management Os-Sim
Cross-site scripting (XSS) vulnerability in session/login.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 and earlier allows remote attackers to inject arbitrary web script or HTML via the dest parameter.
4.3