Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-11124Cross-site Scripting in Open-audit

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.2%
top 58.72%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Opmantek Open-audit
Timeline
PublishedJul 6
Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

NVDopmantek/open-audit< 2.2.2

🔴Vulnerability Details

1
GHSA
GHSA-mpgx-8ww8-7cf7: Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 22022-05-14

💥Exploits & PoCs

1
Exploit-DB
Open-AudIT Community 2.1.1 - Cross-Site Scripting2018-07-18