Javascript link creation vulnerability
Last revised: 2021-11-01
Summary
Unfortunately there is an issue with link creation in the GUI with Open-AudIT Community.
If a bad value is passed to the routine via a URL, javascript code can be executed.
This requires the user be logged in to Open-AudIT Community to trigger.
Severity: Medium
The conditions of successful exploitation are that the user clicking the bad URL be logged in to Open-AudIT Community.
Products Affected
Open-AudIT Community all versions.
Available Updates
A patch for the issue described in this bulletin will be available in the next released Open-AudIT v4.3.0.
Workarounds and Mitigations
Download the attached file and place in:
Linux - /usr/local/open-audit/code_igniter/application/helpers/output_helper.php
Windows - c:\xampp\open-audit\code_igniter\application\helpers\output_helper.php