CVE-2021-3333 — Cross-site Scripting in Open-audit

CWE-79 — Cross-site Scripting2 documents2 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 45.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opmantek Open-audit

Timeline

PublishedFeb 5

Latest updateMay 24

Description

Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDopmantek/open-audit4.0.1

Patches

Patch: community.opmantek.com ↗Patch: community.opmantek.com ↗

🔴Vulnerability Details

GHSA

GHSA-v59p-pfh8-62m9: Opmantek Open-AudIT 4↗2022-05-24

▶