Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
audit vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-44916
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.
Opmantek Open-audit
5.4
CVSSv3
CVE-2020-12261
Open-AudIT 3.3.0 allows an XSS attack after login.
Opmantek Open-audit 3.3.0
8.8
CVSSv3
CVE-2020-11941
An issue exists in Open-AudIT 3.2.2. There is OS Command injection in Discovery.
Opmantek Open-audit 3.2.2
8.8
CVSSv3
CVE-2020-11943
An issue exists in Open-AudIT 3.2.2. There is Arbitrary file upload.
Opmantek Open-audit 3.2.2
6.1
CVSSv3
CVE-2018-14493
Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote malicious users to inject arbitrary web script or HTML via the group name.
Opmantek Open-audit 2.2.6
1 EDB exploit
6.1
CVSSv3
CVE-2021-3333
Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link.
Opmantek Open-audit 4.0.1
5.5
CVSSv3
CVE-2021-24445
The My Site Audit WordPress plugin up to and including 1.2.4 does not sanitise or escape the Audit Name field when creating an audit, allowing high privilege users to set JavaScript payloads in them, even when he unfiltered_html capability is disallowed, leading to an authenticat...
Draftpress My Site Audit
8.8
CVSSv3
CVE-2019-1003075
Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Jenkins Audit To Database -
6.5
CVSSv3
CVE-2019-1003076
A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows malicious users to initiate a connection to an attacker-specified server.
Jenkins Audit To Database
6.5
CVSSv3
CVE-2019-1003077
A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
Jenkins Audit To Database
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »