PT-2018-9821 · Open Audit · Open-Audit Community

Tejesh Kolisetty · Published 2018-05-10 · Updated 2018-06-13 · CVE-2018-10314

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Open-AudIT Community version 2.2.0
Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component. This is demonstrated by the action parameter in the "Discover -> Audit Scripts -> List Scripts -> Download" section.
Recommendations: For Open-AudIT Community version 2.2.0, consider restricting access to the Discover -> Audit Scripts -> List Scripts -> Download section until a patch is available. As a temporary workaround, avoid using crafted component names in this section to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2018-10314

Affected products

Open-Audit Community