CVE-2018-10314: XSS
First published: Thu May 10 2018(Updated: )
Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opmantek Open-AudIT | =2.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-10314?
The severity of CVE-2018-10314 is medium.
How does the XSS vulnerability in Open-AudIT Community 2.2.0 work?
The XSS vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component.
Which section of Open-AudIT Community 2.2.0 is affected by CVE-2018-10314?
The Discover -> Audit Scripts -> List Scripts -> Download section of Open-AudIT Community 2.2.0 is affected by CVE-2018-10314.
How can I fix the XSS vulnerability in Open-AudIT Community 2.2.0?
To fix the XSS vulnerability, upgrade to a version of Open-AudIT Community that is not affected by the vulnerability.
What is the CWE classification of CVE-2018-10314?
The CWE classification of CVE-2018-10314 is CWE-79, which refers to Cross-Site Scripting (XSS) vulnerabilities.
- collector/nvd-index
- agent/references
- agent/type
- agent/weakness
- agent/severity
- agent/author
- agent/event
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/opmantek
- canonical/opmantek open-audit
- version/opmantek open-audit/2.2.0