Vendor: Open-AudIT
By: Kamaljeet Kumar
CVSS: 5.4 (MEDIUM)
Reflective Cross-Site Scripting
CWE: 79
Product Name: Open-AudIT
Affected Version From: 3.3.0
Affected Version To: 3.3.0
Patch Exists: YES
Related CWE: CVE-2020-12261
CPE: a:opmantek:open-audit:3.3.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: None
2020
Open-AudIT 3.3.0 – Reflective Cross-Site Scripting (Authenticated)
Open-AudIT 3.3.0 is vulnerable to reflective cross-site scripting. An authenticated user can inject malicious JavaScript code into the search parameter of the application; the input is reflected back in the response and executed in the user's browser. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of the affected site.
Mitigation:
The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of Open-AudIT.