CVE-2021-44916
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
88.1%
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim’s browser.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| opmantek | open-audit | * | cpe:2.3:a:opmantek:open-audit:*:*:*:*:community:*:*:* |
References
packetstormsecurity.com/files/165502/Open-AudIT-Community-4.2.0-Cross-Site-Scripting.html
community.opmantek.com/display/OA/Errata+-+4.2.0+and+earlier+Javascript+vulnerability
community.opmantek.com/display/OA/Release+Notes+for+Open-AudIT+v4.3.0
github.com/Opmantek/open-audit/commit/e37b64bbd0219f03cb71cc1cd5bb010166a2b846
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
88.1%