Javascript link creation vulnerability

Last revised: 2021-11-01


Unfortunately there is an issue with link creation in the GUI with Open-AudIT Community.

If a bad value is passed to the routine via a URL, javascript code can be executed.

This requires the user be logged in to Open-AudIT Community to trigger.

Severity: Medium

The conditions of successful exploitation are that the user clicking the bad URL be logged in to Open-AudIT Community.

Products Affected

Open-AudIT Community all versions.

Available Updates

A patch for the issue described in this bulletin will be available in the next released Open-AudIT v4.3.0.

Workarounds and Mitigations

Download the attached file and replace the following file:

Linux - /usr/local/open-audit/code_igniter/application/helpers/output_helper.php

Windows - c:\xampp\open-audit\code_igniter\application\helpers\output_helper.php

The file is also available on Github at

You can view the associated commits also on Github at:


  • No labels