{"id":"CVE-2018-11124","details":"Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute.","modified":"2026-07-08T15:55:29.872880Z","published":"2018-07-06T14:29:00.990Z","references":[{"type":"EVIDENCE","url":"https://docs.google.com/document/d/1dJP1CQupHGXjsMWthgPGepOkcnxYA4mDfdjOE46nrhM/edit?usp=sharing"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/45053/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opmantek/open-audit","events":[{"introduced":"0"},{"fixed":"d334c07a7fd74890d9c6b8684231a424c5b09f99"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"2.2.2"}],"source":"CPE_RANGE","cpe":"cpe:2.3:a:opmantek:open-audit:*:*:*:*:community:*:*:*"}}],"versions":["Open-AudIT_2.2.1","Open-AudIT_2.1","Open-AudIT_2.0.11","Open-AudIT_2.0.10","Open-AudIT_2.0.8","Open-AudIT_2.0.6","Open-AudIT_2.0.6_beta","Open-AudIT_2.0.2-1","Open-AudIT_2.0.1-2","Open-AudIT_2.0.1-1","Open-AudIT_2.0.1","Open-AudIT_1.12.8.2","Open-AudIT_1.12.8.1","Open-AudIT_1.12.8","Open-AudIT_1.12.4","Open-AudIT_1.12.2_1","Open-AudIT_1.12.2","Open-AudIT_1.12","Open-AudIT_1.8.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11124.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}