Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Open\-Audit
(Opmantek)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 16 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-04-27 | CVE-2020-11941 | An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery. | Open\-Audit | N/A | ||
| 2019-09-13 | CVE-2019-16293 | The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field. | Open\-Audit | N/A | ||
| 2018-09-19 | CVE-2018-16607 | Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field. | Open\-Audit | 5.4 | ||
| 2018-07-25 | CVE-2018-14493 | Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name. | Open\-Audit | 6.1 | ||
| 2018-07-06 | CVE-2018-11124 | Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute. | Open\-Audit | 5.4 | ||
| 2018-05-10 | CVE-2018-10314 | Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section. | Open\-Audit | 5.4 |