Open Audit · Open-Audit Professional · CVE-2018-8979
**Name of the Vulnerable Software and Affected Versions**
Open-AudIT Professional version 2.1
**Description**
The issue allows Cross-Site Request Forgery (CSRF) attacks, carried out by manipulating the credentials URI. These attacks can be used to modify user accounts or inject XSS sequences.
**Recommendations**
For Open-AudIT Professional version 2.1, consider implementing CSRF protection mechanisms to prevent unauthorized modifications to user accounts and injection of XSS sequences. As a temporary workaround, restrict access to the credentials URI to minimize the risk of exploitation.