Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-audit vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2018-9137
Open-AudIT prior to 2.2 has CSV Injection.
Open-audit Open-audit
1 EDB exploit
5.8
CVSSv2
CVE-2018-8937
An issue exists in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A "data:text/html;base64," payload can be used with JavaScript code.
Open-audit Open-audit 2.1
6.8
CVSSv2
CVE-2018-8979
Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.
Open-audit Open-audit 2.1
1 EDB exploit
3.5
CVSSv2
CVE-2018-8903
Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen.
Open-audit Open-audit 2.1
1 EDB exploit
3.5
CVSSv2
CVE-2018-9155
Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote malicious users to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attribut...
Open-audit Open-audit 2.1.1
1 EDB exploit
3.5
CVSSv2
CVE-2018-8978
Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI.
Open-audit Open-audit 2.1
3.5
CVSSv2
CVE-2018-11124
Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition prior to 2.2.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted attribute name of an Attribute.
Opmantek Open-audit
1 EDB exploit
6.5
CVSSv2
CVE-2019-16293
The Create Discoveries feature of Open-AudIT prior to 3.2.0 allows an authenticated malicious user to execute arbitrary OS commands via a crafted value for a URL field.
Opmantek Open-audit
7.5
CVSSv2
CVE-2021-40612
An issue exists in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes.
Opmantek Open-audit
4.3
CVSSv2
CVE-2021-44916
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.
Opmantek Open-audit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »