Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by open-audit
CVE-2018-9137 (GCVE-0-2018-9137)
Vulnerability from cvelistv5 – Published: 2018-04-19 08:00 – Updated: 2024-08-05 07:17
VLAI
EPSS
VEX
Summary
Open-AudIT before 2.2 has CSV Injection.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/44511/ | exploitx_refsource_EXPLOIT-DB |
| https://community.opmantek.com/display/OA/Errata+… | x_refsource_CONFIRM |
Date Public
2018-04-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:51.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44511",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44511/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.opmantek.com/display/OA/Errata+-+2.1+Security+Update%2C+April+2018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open-AudIT before 2.2 has CSV Injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-26T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "44511",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44511/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.opmantek.com/display/OA/Errata+-+2.1+Security+Update%2C+April+2018"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open-AudIT before 2.2 has CSV Injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44511",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44511/"
},
{
"name": "https://community.opmantek.com/display/OA/Errata+-+2.1+Security+Update%2C+April+2018",
"refsource": "CONFIRM",
"url": "https://community.opmantek.com/display/OA/Errata+-+2.1+Security+Update%2C+April+2018"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9137",
"datePublished": "2018-04-19T08:00:00.000Z",
"dateReserved": "2018-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:17:51.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9155 (GCVE-0-2018-9155)
Vulnerability from cvelistv5 – Published: 2018-04-12 15:00 – Updated: 2024-08-05 07:17
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attributes section (via the "Name (display)" field to the attributes/create URI).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/44612/ | exploitx_refsource_EXPLOIT-DB |
| https://docs.google.com/document/d/1ZG1qiwpECbVnv… | x_refsource_MISC |
Date Public
2018-04-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:51.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44612",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44612/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.google.com/document/d/1ZG1qiwpECbVnv92yNckDn7yyuluKoC2_ON-eLhAY97Q/edit?usp=sharing"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin-\u003eLogs section (with a logs?logs.type= URI) and the Manage-\u003eAttributes section (via the \"Name (display)\" field to the attributes/create URI)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-13T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "44612",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44612/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.google.com/document/d/1ZG1qiwpECbVnv92yNckDn7yyuluKoC2_ON-eLhAY97Q/edit?usp=sharing"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin-\u003eLogs section (with a logs?logs.type= URI) and the Manage-\u003eAttributes section (via the \"Name (display)\" field to the attributes/create URI)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44612",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44612/"
},
{
"name": "https://docs.google.com/document/d/1ZG1qiwpECbVnv92yNckDn7yyuluKoC2_ON-eLhAY97Q/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/document/d/1ZG1qiwpECbVnv92yNckDn7yyuluKoC2_ON-eLhAY97Q/edit?usp=sharing"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9155",
"datePublished": "2018-04-12T15:00:00.000Z",
"dateReserved": "2018-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:17:51.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8937 (GCVE-0-2018-8937)
Vulnerability from cvelistv5 – Published: 2018-03-26 17:00 – Updated: 2024-08-05 07:10
VLAI
EPSS
VEX
Summary
An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A "data:text/html;base64," payload can be used with JavaScript code.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://nileshsapariya.blogspot.ae/2018/03/open-r… | x_refsource_MISC |
Date Public
2018-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nileshsapariya.blogspot.ae/2018/03/open-redirect-to-reflected-xss-open.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A \"data:text/html;base64,\" payload can be used with JavaScript code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-26T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nileshsapariya.blogspot.ae/2018/03/open-redirect-to-reflected-xss-open.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A \"data:text/html;base64,\" payload can be used with JavaScript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nileshsapariya.blogspot.ae/2018/03/open-redirect-to-reflected-xss-open.html",
"refsource": "MISC",
"url": "https://nileshsapariya.blogspot.ae/2018/03/open-redirect-to-reflected-xss-open.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8937",
"datePublished": "2018-03-26T17:00:00.000Z",
"dateReserved": "2018-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:10:47.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8979 (GCVE-0-2018-8979)
Vulnerability from cvelistv5 – Published: 2018-03-25 19:00 – Updated: 2024-08-05 07:10
VLAI
EPSS
VEX
Summary
Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://nileshsapariya.blogspot.ae/2018/03/csrf-t… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/44360/ | exploitx_refsource_EXPLOIT-DB |
Date Public
2018-03-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html"
},
{
"name": "44360",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44360/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-01T09:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html"
},
{
"name": "44360",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44360/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html",
"refsource": "MISC",
"url": "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html"
},
{
"name": "44360",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44360/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8979",
"datePublished": "2018-03-25T19:00:00.000Z",
"dateReserved": "2018-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:10:47.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8978 (GCVE-0-2018-8978)
Vulnerability from cvelistv5 – Published: 2018-03-25 19:00 – Updated: 2024-08-05 07:10
VLAI
EPSS
VEX
Summary
Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://nileshsapariya.blogspot.ae/2018/03/open-r… | x_refsource_MISC |
Date Public
2018-03-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nileshsapariya.blogspot.ae/2018/03/open-redirect-to-reflected-xss-open.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-26T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nileshsapariya.blogspot.ae/2018/03/open-redirect-to-reflected-xss-open.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nileshsapariya.blogspot.ae/2018/03/open-redirect-to-reflected-xss-open.html",
"refsource": "MISC",
"url": "https://nileshsapariya.blogspot.ae/2018/03/open-redirect-to-reflected-xss-open.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8978",
"datePublished": "2018-03-25T19:00:00.000Z",
"dateReserved": "2018-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:10:47.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8903 (GCVE-0-2018-8903)
Vulnerability from cvelistv5 – Published: 2018-03-22 21:00 – Updated: 2024-08-05 07:10
VLAI
EPSS
VEX
Summary
Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://nileshsapariya.blogspot.ae/2018/03/csrf-t… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/44354/ | exploitx_refsource_EXPLOIT-DB |
Date Public
2018-03-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html"
},
{
"name": "44354",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44354/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-30T09:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html"
},
{
"name": "44354",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44354/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html",
"refsource": "MISC",
"url": "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html"
},
{
"name": "44354",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44354/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8903",
"datePublished": "2018-03-22T21:00:00.000Z",
"dateReserved": "2018-03-21T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:10:46.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9137 (GCVE-0-2018-9137)
Vulnerability from nvd – Published: 2018-04-19 08:00 – Updated: 2024-08-05 07:17
VLAI
EPSS
VEX
Summary
Open-AudIT before 2.2 has CSV Injection.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/44511/ | exploitx_refsource_EXPLOIT-DB |
| https://community.opmantek.com/display/OA/Errata+… | x_refsource_CONFIRM |
Date Public
2018-04-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:51.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44511",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44511/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.opmantek.com/display/OA/Errata+-+2.1+Security+Update%2C+April+2018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open-AudIT before 2.2 has CSV Injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-26T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "44511",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44511/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.opmantek.com/display/OA/Errata+-+2.1+Security+Update%2C+April+2018"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open-AudIT before 2.2 has CSV Injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44511",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44511/"
},
{
"name": "https://community.opmantek.com/display/OA/Errata+-+2.1+Security+Update%2C+April+2018",
"refsource": "CONFIRM",
"url": "https://community.opmantek.com/display/OA/Errata+-+2.1+Security+Update%2C+April+2018"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9137",
"datePublished": "2018-04-19T08:00:00.000Z",
"dateReserved": "2018-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:17:51.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9155 (GCVE-0-2018-9155)
Vulnerability from nvd – Published: 2018-04-12 15:00 – Updated: 2024-08-05 07:17
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attributes section (via the "Name (display)" field to the attributes/create URI).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/44612/ | exploitx_refsource_EXPLOIT-DB |
| https://docs.google.com/document/d/1ZG1qiwpECbVnv… | x_refsource_MISC |
Date Public
2018-04-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:51.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44612",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44612/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.google.com/document/d/1ZG1qiwpECbVnv92yNckDn7yyuluKoC2_ON-eLhAY97Q/edit?usp=sharing"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin-\u003eLogs section (with a logs?logs.type= URI) and the Manage-\u003eAttributes section (via the \"Name (display)\" field to the attributes/create URI)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-13T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "44612",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44612/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.google.com/document/d/1ZG1qiwpECbVnv92yNckDn7yyuluKoC2_ON-eLhAY97Q/edit?usp=sharing"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin-\u003eLogs section (with a logs?logs.type= URI) and the Manage-\u003eAttributes section (via the \"Name (display)\" field to the attributes/create URI)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44612",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44612/"
},
{
"name": "https://docs.google.com/document/d/1ZG1qiwpECbVnv92yNckDn7yyuluKoC2_ON-eLhAY97Q/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/document/d/1ZG1qiwpECbVnv92yNckDn7yyuluKoC2_ON-eLhAY97Q/edit?usp=sharing"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9155",
"datePublished": "2018-04-12T15:00:00.000Z",
"dateReserved": "2018-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:17:51.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8937 (GCVE-0-2018-8937)
Vulnerability from nvd – Published: 2018-03-26 17:00 – Updated: 2024-08-05 07:10
VLAI
EPSS
VEX
Summary
An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A "data:text/html;base64," payload can be used with JavaScript code.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://nileshsapariya.blogspot.ae/2018/03/open-r… | x_refsource_MISC |
Date Public
2018-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nileshsapariya.blogspot.ae/2018/03/open-redirect-to-reflected-xss-open.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A \"data:text/html;base64,\" payload can be used with JavaScript code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-26T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nileshsapariya.blogspot.ae/2018/03/open-redirect-to-reflected-xss-open.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A \"data:text/html;base64,\" payload can be used with JavaScript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nileshsapariya.blogspot.ae/2018/03/open-redirect-to-reflected-xss-open.html",
"refsource": "MISC",
"url": "https://nileshsapariya.blogspot.ae/2018/03/open-redirect-to-reflected-xss-open.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8937",
"datePublished": "2018-03-26T17:00:00.000Z",
"dateReserved": "2018-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:10:47.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8979 (GCVE-0-2018-8979)
Vulnerability from nvd – Published: 2018-03-25 19:00 – Updated: 2024-08-05 07:10
VLAI
EPSS
VEX
Summary
Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://nileshsapariya.blogspot.ae/2018/03/csrf-t… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/44360/ | exploitx_refsource_EXPLOIT-DB |
Date Public
2018-03-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html"
},
{
"name": "44360",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44360/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-01T09:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html"
},
{
"name": "44360",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44360/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html",
"refsource": "MISC",
"url": "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html"
},
{
"name": "44360",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44360/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8979",
"datePublished": "2018-03-25T19:00:00.000Z",
"dateReserved": "2018-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:10:47.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8978 (GCVE-0-2018-8978)
Vulnerability from nvd – Published: 2018-03-25 19:00 – Updated: 2024-08-05 07:10
VLAI
EPSS
VEX
Summary
Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://nileshsapariya.blogspot.ae/2018/03/open-r… | x_refsource_MISC |
Date Public
2018-03-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nileshsapariya.blogspot.ae/2018/03/open-redirect-to-reflected-xss-open.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-26T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nileshsapariya.blogspot.ae/2018/03/open-redirect-to-reflected-xss-open.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nileshsapariya.blogspot.ae/2018/03/open-redirect-to-reflected-xss-open.html",
"refsource": "MISC",
"url": "https://nileshsapariya.blogspot.ae/2018/03/open-redirect-to-reflected-xss-open.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8978",
"datePublished": "2018-03-25T19:00:00.000Z",
"dateReserved": "2018-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:10:47.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8903 (GCVE-0-2018-8903)
Vulnerability from nvd – Published: 2018-03-22 21:00 – Updated: 2024-08-05 07:10
VLAI
EPSS
VEX
Summary
Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://nileshsapariya.blogspot.ae/2018/03/csrf-t… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/44354/ | exploitx_refsource_EXPLOIT-DB |
Date Public
2018-03-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html"
},
{
"name": "44354",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44354/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-30T09:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html"
},
{
"name": "44354",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44354/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html",
"refsource": "MISC",
"url": "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html"
},
{
"name": "44354",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44354/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8903",
"datePublished": "2018-03-22T21:00:00.000Z",
"dateReserved": "2018-03-21T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:10:46.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}