CVE-2021-44916

Опубликовано: 20 дек. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.

Ссылки

http://packetstormsecurity.com/files/165502/Open-AudIT-Community-4.2.0-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://community.opmantek.com/display/OA/Errata+-+4.2.0+and+earlier+Javascript+vulnerability
Mitigation
Patch
Vendor Advisory
https://community.opmantek.com/display/OA/Release+Notes+for+Open-AudIT+v4.3.0
Release Notes
Vendor Advisory
https://github.com/Opmantek/open-audit/commit/e37b64bbd0219f03cb71cc1cd5bb010166a2b846
Patch
Third Party Advisory
http://packetstormsecurity.com/files/165502/Open-AudIT-Community-4.2.0-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://community.opmantek.com/display/OA/Errata+-+4.2.0+and+earlier+Javascript+vulnerability
Mitigation
Patch
Vendor Advisory
https://community.opmantek.com/display/OA/Release+Notes+for+Open-AudIT+v4.3.0
Release Notes
Vendor Advisory
https://github.com/Opmantek/open-audit/commit/e37b64bbd0219f03cb71cc1cd5bb010166a2b846
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opmantek:open-audit:*:*:*:*:community:*:*:*

Версия до 4.2.0 (включая)

EPSS

Процентиль: 89%

0.04458

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-w4hj-6g7h-5wc8

github

около 4 лет назад