CVE-2019-16293
https://notcve.org/view.php?id=CVE-2019-16293
The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field.
• https://community.opmantek.com/display/OA/Errata+-+3.1.2+Security+issue%2C+September+2019
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-16607
https://notcve.org/view.php?id=CVE-2018-16607
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.
• https://docs.google.com/document/d/1MKeb9lly_oOrVG0Ja4A-HgwaeXhb_xQHT9IIOee3wi0/edit
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-14493 – Open-AudIT Community 2.2.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-14493
Cross-site scripting (XSS) vulnerability in the Groups Page in Open-AudIT Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name. Open-AudIT Community version 2.2.6 suffers from a cross site scripting vulnerability.
• https://www.exploit-db.com/exploits/45160
• https://docs.google.com/document/d/1K3G6a8P_LhYdk5Ddn57Z2aDUpaGAS7I_F8lESVfSFfY/edit
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-11124 – Open-AudIT Community 2.1.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-11124
Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute. Open-AudIT Community version 2.1.1 suffers from a cross site scripting vulnerability.
• https://www.exploit-db.com/exploits/45053
• https://docs.google.com/document/d/1dJP1CQupHGXjsMWthgPGepOkcnxYA4mDfdjOE46nrhM/edit?usp=sharing
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-10314 – Open-AudIT Community 2.2.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-10314
Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section. Open-AudIT Community version 2.2.0 suffers from multiple cross site scripting vulnerabilities.
• https://www.exploit-db.com/exploits/44613
• https://docs.google.com/document/d/1lUHMAOnbQUfh_yBGdBB1x9n0QdVGeP9Tggu9auqpXNo/edit?usp=sharing
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')