Open-audit Security Vulnerabilities and Issues — Open-audit CVE List

Lucene search

OpmantekOpen-audit

5 matches found

CVE•added 2020/04/28 10:15 p.m.•92 views

CVE-2020-12261

Open-AudIT 3.3.0 allows an XSS attack after login.

5.4CVSS5.3AI score0.00298EPSS

CVE•added 2018/07/06 2:29 p.m.•51 views

CVE-2018-11124

Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute.

5.4CVSS5.2AI score0.00194EPSS

CVE•added 2018/05/10 3:29 a.m.•50 views

CVE-2018-10314

Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section.

5.4CVSS5.2AI score0.00194EPSS

CVE•added 2021/01/20 4:15 p.m.•50 views

CVE-2021-3130

Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.

5.9CVSS5.7AI score0.00627EPSS

CVE•added 2018/09/19 3:29 p.m.•33 views

CVE-2018-16607

Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.

5.4CVSS5.3AI score0.0015EPSS