CVE-2018-9155
Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attributes section (via the "Name (display)" field to the attributes/create URI).
Public Exploit Available
A Proof-of-Concept (PoC) or exploit code for this vulnerability is publicly available. This significantly increases the risk of exploitation.
Exploitation Probability (EPSS)
Low PriorityThe Exploit Prediction Scoring System (EPSS) uses machine learning to estimate the probability that a vulnerability will be exploited in the wild within the next 30 days.
7-Day Exploitation Trend
Vulnerability Timeline
2 eventsThreat Actor Attribution
PREMIUM INTELRemediation & Mitigation
SOLUTIONOfficial patches and mitigation steps are available for this vulnerability.
apt-get update && apt-get upgrade -y specific-package
# Verify installation
dpkg -l | grep package-name
Affected Products
Am I Vulnerable?
Check your domain or package.json for CVE-2018-9155 exposure.
Vulnerability Details
Need Manual Validation?
Automated scanners flag false positives. Get a manual pentest validation for this CVE.