Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-audit open-audit vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv3
CVE-2018-9137
Open-AudIT prior to 2.2 has CSV Injection.
Open-audit Open-audit
1 EDB exploit
5.4
CVSSv3
CVE-2018-9155
Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote malicious users to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attribut...
Open-audit Open-audit 2.1.1
1 EDB exploit
8.8
CVSSv3
CVE-2018-8979
Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.
Open-audit Open-audit 2.1
1 EDB exploit
5.4
CVSSv3
CVE-2018-8903
Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen.
Open-audit Open-audit 2.1
1 EDB exploit
6.1
CVSSv3
CVE-2018-8937
An issue exists in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A "data:text/html;base64," payload can be used with JavaScript code.
Open-audit Open-audit 2.1
5.4
CVSSv3
CVE-2018-8978
Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI.
Open-audit Open-audit 2.1
5.9
CVSSv3
CVE-2021-3130
Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the ...
Opmantek Open-audit
1 Github repository
5.4
CVSSv3
CVE-2018-11124
Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition prior to 2.2.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted attribute name of an Attribute.
Opmantek Open-audit
1 EDB exploit
6.1
CVSSv3
CVE-2021-44916
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.
Opmantek Open-audit
8.8
CVSSv3
CVE-2019-16293
The Create Discoveries feature of Open-AudIT prior to 3.2.0 allows an authenticated malicious user to execute arbitrary OS commands via a crafted value for a URL field.
Opmantek Open-audit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »