Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.
open-audit open-audit 2.1