Open-AudIT Community 2.2.0 Cross Site Scripting
- Date Published:2018-05-15
- Last Updated:2018-05-15
- Version Affected: Open-AudIT 2.2.0
- CVE: CVE-2018-10314
Open-AudIT is an application to tell you exactly what is on your network, how it is configured and when it changes. Open-AudIT will run on Windows and Linux systems. Essentially, Open-AudIT is a database of information, that can be queried via a web interface. Data about the network is inserted via a Bash Script (Linux) or VBScript (Windows). The entire application is written in php, bash and vbscript.
Open-AudIT has been proven to have a reflective cross-site scripting vulnerability.
The vulnerability allows arbitrary HTML or script code to be executed in the victim's browser.
attackers can execute malicious code in the victim's browser to perform various activities, such as stealing cookies, session tokens, credentials, and personal data.