Exploitation Summary
EIP tracks 1 public exploit for CVE-2018-8979. PoCs published by Nilesh Sapariya.
AI-analyzed exploit summary
This exploit demonstrates a CSRF vulnerability in Open-AudIT Professional 2.1, allowing an attacker to force a logged-in user to submit a malicious form. The PoC includes an HTML form that, when submitted, adds a credential with an XSS payload in the name field.
Description
Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.
Exploits (1)
This exploit demonstrates a CSRF vulnerability in Open-AudIT Professional 2.1, allowing an attacker to force a logged-in user to submit a malicious form. The PoC includes an HTML form that, when submitted, adds a credential with an XSS payload in the name field.
References (2)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H