Javascript link creation vulnerability
Last revised: 2021-11-01
Summary
Unfortunately there is an issue with link creation in the GUI with Open-AudIT Community.
...
This requires the user be logged in to Open-AudIT Community to trigger..
Severity: Medium
The conditions of successful exploitation are that the user clicking the bad URL be logged in to Open-AudIT Community.
Products Affected
Open-AudIT Community all versions.
Available Updates
A patch for the issue described in this bulletin will be available in the next released Open-AudIT v4.3.0.
Workarounds and Mitigations
Download This fix will be included in the next release, however for those that wish to patch it straight away, download the attached file and place in:
...
Windows - c:\xampp\open-audit\code_igniter\application\helpers\output_helper.php
...