Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-12261Cross-site Scripting in Open-audit

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.3%
top 42.84%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Opmantek Open-audit
Timeline
PublishedApr 28
Latest updateMay 24

Description

Open-AudIT 3.3.0 allows an XSS attack after login.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-2m97-wq46-x8xx: Open-AudIT 32022-05-24

💥Exploits & PoCs

1
Exploit-DB
Open-AudIT 3.3.0 - Reflective Cross-Site Scripting (Authenticated)2020-05-26