Ranjeet Jaiswal

**Name of the Vulnerable Software and Affected Versions** Open-Audit Community version 2.2.6 **Description** A cross-site scripting (XSS) issue exists in the Groups Page, allowing remote attackers to inject arbitrary web script or HTML via the `group name` variable. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For Open-Audit Community version 2.2.6, update to a version that includes a fix for this issue, as using the current version poses a significant risk due to the possibility of code injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open-AudIT Community edition versions prior to 2.2.2 **Description** A cross-site scripting (XSS) issue exists in the Attributes functionality, allowing remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute. **Recommendations** For versions prior to 2.2.2, update to version 2.2.2 or later to resolve the issue.