Cross-Site Scripting Vulnerability in Open-AudIT Professional by Open-AudIT
CVE-2018-8903

5.4MEDIUM

Key Information:

Vendor

Open-audit

Status
Open-audit
Vendor
CVE Published:
22 March 2018

What is CVE-2018-8903?

Open-AudIT Professional 2.1 is susceptible to a Cross-Site Scripting (XSS) vulnerability that can be exploited through the Name or Description fields on the Credentials screen. An attacker may inject malicious scripts, which could run in the context of another user's session, potentially compromising sensitive information and leading to unauthorized actions on behalf of that user.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-op...
x_refsource_MISC
https://www.exploit-db.com/exploits/44354/
exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.