Errata - 4.2.0 and earlier JavaScript vulnerability


JavaScript link creation vulnerability

Last revised: 2021-11-01

Summary

Unfortunately, there is an issue with link creation in the Open-AudIT Community GUI.

If a bad value is passed to the link creation routine via a URL, JavaScript code can be executed.

The user must be logged in to Open-AudIT Community for this to trigger.

Severity: Medium

Successful exploitation requires that the user clicking the bad URL be logged in to Open-AudIT Community.

Products Affected

Open-AudIT Community, all versions.

Available Updates

A patch for the issue described in this bulletin will be available in the next release, Open-AudIT v4.3.0.

Workarounds and Mitigations

Download the attached file and place it at:

Linux - /usr/local/open-audit/code_igniter/application/helpers/output_helper.php
Windows - c:\xampp\open-audit\code_igniter\application\helpers\output_helper.php

