CVE-2018-9155
Last modified
CVE-2018-9155 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attributes section (via the "Name (display)" field to the attributes/create URI).. EPSS estimates a 1.18% chance of exploitation in the next 30 days.
Description
Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attributes section (via the "Name (display)" field to the attributes/create URI).
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Open-Audit | Open-Audit | 2.1.1 |
References
- https://docs.google.com/document/d/1ZG1qiwpECbVnv92yNckDn7yyuluKoC2_ON-eLhAY97Q/edit?usp=sharingExploit, Third Party Advisory
- https://www.exploit-db.com/exploits/44612/Exploit, Third Party Advisory, VDB Entry
- https://docs.google.com/document/d/1ZG1qiwpECbVnv92yNckDn7yyuluKoC2_ON-eLhAY97Q/edit?usp=sharingExploit, Third Party Advisory
- https://www.exploit-db.com/exploits/44612/Exploit, Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-9155?
How severe is CVE-2018-9155?
How do I fix CVE-2018-9155?
Are you affected by CVE-2018-9155?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST