← back
CVE-2018-9155

CVE-2018-9155

EPSS 1.2%
Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attributes section (via the "Name (display)" field to the attributes/create URI).
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/44612/unverifiedexploitdbwww.exploit-db.com/exploits/44612unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://docs.google.com/document/d/1ZG1qiwpECbVnv92yNckDn7yyuluKoC2_ON-eLhAY97Q/edit?usp=sharinghttps://www.exploit-db.com/exploits/44612/