{"id":"CVE-2018-16607","details":"Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.","modified":"2026-07-08T17:18:10.786708Z","published":"2018-09-19T15:29:19.437Z","references":[{"type":"EVIDENCE","url":"https://docs.google.com/document/d/1MKeb9lly_oOrVG0Ja4A-HgwaeXhb_xQHT9IIOee3wi0/edit"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opmantek/open-audit","events":[{"introduced":"c41d713e3f4b3694092451d431f914b50934b0bd"},{"last_affected":"c41d713e3f4b3694092451d431f914b50934b0bd"}],"database_specific":{"cpe":"cpe:2.3:a:opmantek:open-audit:2.2.7:*:*:*:professional:*:*:*","extracted_events":[{"introduced":"2.2.7"},{"last_affected":"2.2.7"}],"source":"CPE_STRING"}}],"versions":["2.2.7","Open-AudIT_2.2.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16607.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}