Javascript link creation vulnerability
Last revised: 2021-11-01
Summary
Unfortunately there is an issue with link creation in the GUI with Open-AudIT Community.
...
This requires the user be logged in to Open-AudIT Community to trigger.This fix will be included in the next release, however for those that wish to patch it straight away, download .
Severity: Medium
The conditions of successful exploitation are that the user clicking the bad URL be logged in to Open-AudIT Community.
Products Affected
Open-AudIT Community all versions.
Available Updates
A patch for the issue described in this bulletin will be available in the next released Open-AudIT v4.3.0.
Workarounds and Mitigations
Download the attached file and place in:
...
Windows - c:\xampp\open-audit\code_igniter\application\helpers\output_helper.php
...