CVE-2020-12261
28.04.2020, 22:15

Open-AudIT 3.3.0 allows an XSS attack after login.

Cross-site Scripting

Enginsight

CVSS scores
Provider: NIST; Type: NIST; Base Score: 5.4 MEDIUM; Atk. Vector: NETWORK; Atk. Complexity: LOW; Priv. Required: LOW; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Provider: mitre; Type: CNA; ------
Provider: CVE; Type: ADP; ------

EPSS Score
Percentile: 45%

Vulnerable software versions
Vendor: opmantek; Product: open-audit; Version: 3.3.0

Known Exploits
http://packetstormsecurity.com/files/157401/Open-AudIT-3.3.0-Cross-Site-Scripting.html

Common Weakness Enumeration
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References
http://packetstormsecurity.com/files/157401/Open-AudIT-3.3.0-Cross-Site-Scripting.html
https://community.opmantek.com/display/OA/Errata+-+3.3.0+XSS+in+error+templates
https://community.opmantek.com/display/OA/Release+Notes+for+Open-AudIT+v3.3.1
https://www.exploit-db.com/exploits/48516