CVE-2018-10314 – Open-AudIT Community 2.2.0 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2018-10314

Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section. Vulnerabilidad de Cross-Site Scripting (XSS) en Open-AudIT Community 2.2.0 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante un nombre de componente manipulado. Esto queda demostrado por el parámetro action en la sección Discover -> Audit Scripts -> List Scripts -> Download. Open-AudIT Community version 2.2.0 suffers from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/44613 https://docs.google.com/document/d/1lUHMAOnbQUfh_yBGdBB1x9n0QdVGeP9Tggu9auqpXNo/edit?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •