Filtered by vendor Opmantek
Subscribe
Search
Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3130 | 1 Opmantek | 1 Open-audit | 2022-07-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible. | |||||
| CVE-2021-44916 | 1 Opmantek | 1 Open-audit | 2022-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser. | |||||
| CVE-2021-44674 | 1 Opmantek | 1 Open-audit | 2022-01-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read file outside of the restricted directory. | |||||
| CVE-2021-3333 | 1 Opmantek | 1 Open-audit | 2021-02-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link. | |||||
| CVE-2020-12261 | 1 Opmantek | 1 Open-audit | 2020-05-28 | 3.5 LOW | 5.4 MEDIUM |
| Open-AudIT 3.3.0 allows an XSS attack after login. | |||||
| CVE-2018-16607 | 1 Opmantek | 1 Open-audit | 2018-11-07 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field. | |||||
| CVE-2018-14493 | 1 Opmantek | 1 Open-audit | 2018-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name. | |||||
| CVE-2018-11124 | 1 Opmantek | 1 Open-audit | 2018-09-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute. | |||||
| CVE-2018-10314 | 1 Opmantek | 1 Open-audit | 2018-06-13 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section. | |||||
| CVE-2016-5642 | 1 Opmantek | 1 Network Management Information System | 2017-04-14 | 3.5 LOW | 5.4 MEDIUM |
| Opmantek NMIS before 8.5.12G has XSS via SNMP. | |||||