CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-8978
https://notcve.org/view.php?id=CVE-2018-8978
Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI. Open-AudIT Professional 2.1 contiene Cross-Site Scripting (XSS) mediante un atributo src manipulado de un elemento IMG en una URI. • https://nileshsapariya.blogspot.ae/2018/03/open-redirect-to-reflected-xss-open.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2018-8903 – Open-AuditIT Professional 2.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-8903
Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen. Open-AudIT Professional 2.1 permite Cross-Site Scripting (XSS) mediante los campos Name o Description en la pantalla Credentials. Open-AuditIT Professional version 2.1 suffers from a persistent cross site scripting vulnerability. • https://www.exploit-db.com/exploits/44354 https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-8979 – Open-AuditIT Professional 2.1 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-8979
Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI. Open-AudIT Professional 2.1 contiene Cross-Site Request Forgery (CSRF), como ha sido demostrado modificando una cuenta de usuario o insertando secuencias XSS mediante las credenciales URI. Open-AuditIT Professional version 2.1 suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/44360 https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •