CVE-2018-16607

Name of the Vulnerable Software and Affected Versions Open-AudIT Professional edition version 2.2.7

Description A cross-site scripting (XSS) issue exists in the Orgs Page, allowing remote attackers to inject arbitrary web script via the Orgs name field. This enables attackers to execute malicious scripts on the victim's browser.

Recommendations For Open-AudIT Professional edition version 2.2.7, update to a version that fixes this issue to prevent remote attackers from injecting arbitrary web scripts. As a temporary workaround, consider restricting input to the Orgs name field to minimize the risk of exploitation.