XSS Vulnerability in Open-AudIT Professional by Open-AudIT
CVE-2018-8978

5.4MEDIUM

Key Information:

Vendor: Open-audit
Status: Open-audit
Vendor: CVE Published:; 25 March 2018

What is CVE-2018-8978?

Open-AudIT Professional 2.1 contains a vulnerability that allows attackers to exploit Cross-Site Scripting (XSS) via a maliciously crafted 'src' attribute in an IMG element. This could enable unauthorized actions or data exposure by executing scripts in the context of the user's session.

References

https://nileshsapariya.blogspot.ae/2018/03/open-redirect-...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2018
Vulnerability Reserved
Mar 24, 2018

Open-audit

What is CVE-2018-8978?

References

CVSS V3.1

Timeline