Open Audit
by Opmantek
CVEs (13)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2020-12261 | 0.03 | — | 0.00 | Apr 28, 2020 | Open-AudIT 3.3.0 allows an XSS attack after login. |
| CVE-2018-14493 | 0.03 | — | 0.02 | Jul 25, 2018 | Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name. |
| CVE-2018-11124 | 0.03 | — | 0.00 | Jul 6, 2018 | Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute. |
| CVE-2018-10314 | 0.03 | — | 0.00 | May 10, 2018 | Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section. |
| CVE-2018-9137 | 0.03 | — | 0.02 | Apr 19, 2018 | Open-AudIT before 2.2 has CSV Injection. |
| CVE-2018-9155 | 0.03 | — | 0.00 | Apr 12, 2018 | Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attributes section… |
| CVE-2018-8979 | 0.03 | — | 0.00 | Mar 25, 2018 | Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI. |
| CVE-2018-8903 | 0.03 | — | 0.00 | Mar 22, 2018 | Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen. |
| CVE-2020-11943 | 0.00 | — | 0.03 | Apr 29, 2020 | An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload. |
| CVE-2020-11942 | 0.00 | — | 0.00 | Apr 29, 2020 | An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections. |
| CVE-2020-11941 | 0.00 | — | 0.04 | Apr 27, 2020 | An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery. |
| CVE-2019-16293 | 0.00 | — | 0.01 | Sep 13, 2019 | The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field. |
| CVE-2018-16607 | 0.00 | — | 0.00 | Sep 19, 2018 | Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field. |