
CVSS: 8.8 • EPSS: 2% • CPEs: 1 • EXPL: 1

13 Sep 2019 — The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field. • https://community.opmantek.com/display/OA/Errata+-+3.1.2+Security+issue%2C+September+2019 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

19 Sep 2018 — Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field. • https://docs.google.com/document/d/1MKeb9lly_oOrVG0Ja4A-HgwaeXhb_xQHT9IIOee3wi0/edit • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 88% • CPEs: 1 • EXPL: 3

25 Jul 2018 — Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name. Open-AudIT Community version 2.2.6 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/148837 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 3

06 Jul 2018 — Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute. Open-AudIT Commun... • https://packetstorm.news/files/id/148590 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 3

10 May 2018 — Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section. • https://packetstorm.news/files/id/147595 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 3

19 Apr 2018 — Open-AudIT before 2.2 has CSV Injection. Open-AudIT version 2.1 suffers from a CSV macro injection vulnerability. • https://packetstorm.news/files/id/147346 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 3

12 Apr 2018 — Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attributes section (via the "Name (display)" field to the attributes/create URI). • https://packetstorm.news/files/id/147594 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

26 Mar 2018 — An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A "data:text/html;base64," payload can be used with JavaScript code. • https://nileshsapariya.blogspot.ae/2018/03/open-redirect-to-reflected-xss-open.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

25 Mar 2018 — Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI. • https://nileshsapariya.blogspot.ae/2018/03/open-redirect-to-reflected-xss-open.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 3

22 Mar 2018 — Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen. Open-AudIT Professional version 2.1 suffers from a persistent cross site scripting vulnerability. • https://packetstorm.news/files/id/146926 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')