Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-10314 — Cross-site Scripting in Open-audit

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 58.72%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Opmantek Open-audit

Timeline

PublishedMay 10

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

▶NVDopmantek/open-audit2.2.0

🔴Vulnerability Details

GHSA

GHSA-p26q-5mcm-ff33: Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2↗2022-05-14

▶

💥Exploits & PoCs

Exploit-DB

Open-AudIT Community 2.2.0 - Cross-Site Scripting↗2018-05-11

▶