CVE-2018-8979

Name of the Vulnerable Software and Affected Versions Open-AudIT Professional version 2.1

Description The issue allows for Cross-Site Request Forgery (CSRF) attacks, which can be used to modify user accounts or inject XSS sequences. This can be achieved by manipulating the credentials URI.

Recommendations For Open-AudIT Professional version 2.1, consider implementing CSRF protection mechanisms to prevent unauthorized modifications to user accounts and injection of XSS sequences. As a temporary workaround, restrict access to the credentials URI to minimize the risk of exploitation.