Thrivikram Gujarathi

**Name of the Vulnerable Software and Affected Versions** Opmantek Open-AudIT version 4.0.1 **Description** The issue is related to cross-site scripting (XSS) in Opmantek Open-AudIT. When the software outputs SQL statements for debugging purposes, a maliciously crafted query can trigger an XSS attack. This attack can only succeed if the user is already logged in to Open-AudIT before clicking the malicious link. **Recommendations** For Opmantek Open-AudIT version 4.0.1, consider disabling the debugging feature that outputs SQL statements until a patch is available to prevent potential XSS attacks. Restrict access to the debugging functionality to minimize the risk of exploitation. Avoid clicking on suspicious links, especially when logged in to Open-AudIT, to reduce the risk of triggering an XSS attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.