Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


When outputting the SQL statements for debugging, a maliciously crafted query can trigger a XSS attack (thanks Thrivikram Gujarathi).

This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link.


The issue has been patched. To view the patch, go here -

To apply it, grab the two files from:

and replace the existing files in your installation.