← back
CVE-2016-8581

CVE-2016-8581

43Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 17%
from disclosure to weapon5 days
Published on NVDOct 28
1st PoC+5d
metasploitApr 24
exploitation probability
17%top 3% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.