CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 2CVE-2021-44916 – Open-AudIT Community 4.2.0 - Cross-Site Scripting (XSS) (Authenticated)
https://notcve.org/view.php?id=CVE-2021-44916
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser. Opmantek Open-AudIT Community versión 4.2.0 (Corregido en versión 4.3.0) está afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS). Si es pasado un valor incorrecto a la rutina por medio de una URL, puede ejecutarse código JavaScript malicioso en el navegador de la víctima Open-AudIT Community versions 4.2.0 and below suffer from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/50651 http://packetstormsecurity.com/files/165502/Open-AudIT-Community-4.2.0-Cross-Site-Scripting.html https://community.opmantek.com/display/OA/Errata+-+4.2.0+and+earlier+Javascript+vulnerability https://community.opmantek.com/display/OA/Release+Notes+for+Open-AudIT+v4.3.0 https://github.com/Opmantek/open-audit/commit/e37b64bbd0219f03cb71cc1cd5bb010166a2b846 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3130
https://notcve.org/view.php?id=CVE-2021-3130
Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible. Dentro de la aplicación Open-AudIT hasta la versión 3.5.3, la interfaz web oculta los secretos SSH, las contraseñas de Windows y las cadenas SNMP de los usuarios que usan la ofuscación del HTML "password field". Mediante el uso de herramientas del Desarrollador o similar, es posible cambiar la ofuscación para que las credenciales sean visibles • https://github.com/jet-pentest/CVE-2021-3130 https://opmantek.com/network-discovery-inventory-software https://raw.githubusercontent.com/B0D0B0P0T/CVE/main/CVE-2021-3130 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-11942 – Open-AudIT 3.2.2 Command Injection / SQL Injection
https://notcve.org/view.php?id=CVE-2020-11942
An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections. Se detectó un problema en Open-AudIT versión 3.2.2. Se presentan múltiples inyecciones SQL. Open-AudIT version 3.2.2 suffers from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities. • https://community.opmantek.com/display/OA/Release+Notes+for+Open-AudIT+v3.3.0 https://www.coresecurity.com/advisories/open-audit-multiple-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-11943 – Open-AudIT 3.2.2 Command Injection / SQL Injection
https://notcve.org/view.php?id=CVE-2020-11943
An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload. Se detectó un problema en Open-AudIT versión 3.2.2. Hay una carga de archivos arbitrarios. Open-AudIT version 3.2.2 suffers from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities. • https://community.opmantek.com/display/OA/Release+Notes+for+Open-AudIT+v3.3.0 https://www.coresecurity.com/advisories/open-audit-multiple-vulnerabilities • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 1CVE-2020-11941 – Open-AudIT 3.2.2 Command Injection / SQL Injection
https://notcve.org/view.php?id=CVE-2020-11941
An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery. Se descubrió un problema en Open-AudIT versión 3.2.2. Hay una inyección de Comandos del Sistema Operativo en Discovery. Open-AudIT version 3.2.2 suffers from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities. • http://packetstormsecurity.com/files/157476/Open-AudIT-3.2.2-Command-Injection-SQL-Injection.html https://community.opmantek.com/display/OA/Release+Notes+for+Open-AudIT+v3.3.0 https://www.coresecurity.com/advisories/open-audit-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •