CVE-2018-16607 — Cross-site Scripting in Open-audit

CWE-79 — Cross-site Scripting2 documents2 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 64.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opmantek Open-audit

Timeline

PublishedSep 19

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

▶NVDopmantek/open-audit2.2.7

🔴Vulnerability Details

GHSA

GHSA-rcjr-ww2g-f988: Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2↗2022-05-14

▶