Medium severity6.1NVD Advisory· Published Oct 28, 2016· Updated May 6, 2026

CVE-2016-8581

Description

A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilitiesnvdVendor Advisory
www.securityfocus.com/bid/93862nvd
www.exploit-db.com/exploits/40683/nvd

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.055
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000