Unfortunately there is an issue with link creation in the GUI with Open-AudIT Community.
If a bad value is passed to the routine via a URL, javascript code can be executed.
This requires the user be logged in to Open-AudIT Community to trigger.
This fix will be included in the next release, however for those that wish to patch it straight away, download the attached file and place in:
Linux - /usr/local/open-audit/code_igniter/application/helpers/output_helper.php
Windows - c:\xampp\open-audit\code_igniter\application\helpers\output_helper.php
Apologies for any inconvenience caused.