9 results (0.008 seconds)

CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 2

Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser. Opmantek Open-AudIT Community versión 4.2.0 (Corregido en versión 4.3.0) está afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS). Si es pasado un valor incorrecto a la rutina por medio de una URL, puede ejecutarse código JavaScript malicioso en el navegador de la víctima Open-AudIT Community versions 4.2.0 and below suffer from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/50651 http://packetstormsecurity.com/files/165502/Open-AudIT-Community-4.2.0-Cross-Site-Scripting.html https://community.opmantek.com/display/OA/Errata+-+4.2.0+and+earlier+Javascript+vulnerability https://community.opmantek.com/display/OA/Release+Notes+for+Open-AudIT+v4.3.0 https://github.com/Opmantek/open-audit/commit/e37b64bbd0219f03cb71cc1cd5bb010166a2b846 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1

Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible. Dentro de la aplicación Open-AudIT hasta la versión 3.5.3, la interfaz web oculta los secretos SSH, las contraseñas de Windows y las cadenas SNMP de los usuarios que usan la ofuscación del HTML "password field". Mediante el uso de herramientas del Desarrollador o similar, es posible cambiar la ofuscación para que las credenciales sean visibles • https://github.com/jet-pentest/CVE-2021-3130 https://opmantek.com/network-discovery-inventory-software https://raw.githubusercontent.com/B0D0B0P0T/CVE/main/CVE-2021-3130 •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field. La funcionalidad Create Discoveries de Open-AudIT versiones anteriores a 3.2.0, permite a un atacante autenticado ejecutar comandos arbitrarios de sistema operativo (SO) por medio de un valor diseñado para un campo URL. • https://community.opmantek.com/display/OA/Errata+-+3.1.2+Security+issue%2C+September+2019 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute. Vulnerabilidad de Cross-Site Scripting (XSS) en la funcionalidad Attributes en Open-AudIT Community edition en versiones anteriores a la 2.2.2 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante un nombre de atributo manipulado de un Attribute. Open-AudIT Community version 2.1.1 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/45053 https://docs.google.com/document/d/1dJP1CQupHGXjsMWthgPGepOkcnxYA4mDfdjOE46nrhM/edit?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2

Open-AudIT before 2.2 has CSV Injection. Open-AudIT en versiones anteriores a la 2.2 tiene una inyección CSV. Open-AudIT version 2.1 suffers from a CSV macro injection vulnerability. • https://www.exploit-db.com/exploits/44511 https://community.opmantek.com/display/OA/Errata+-+2.1+Security+Update%2C+April+2018 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •