CVE-2021-44916

MEDIUM

Open-AudIT < 4.2.0 - Cross-Site Scripting via URL Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-44916. PoCs published by Dominic Clark.

AI-analyzed exploit summary This exploit demonstrates an authenticated cross-site scripting (XSS) vulnerability in Open-AudIT Community 4.2.0. The vulnerability is triggered by injecting malicious JavaScript into the URL, which executes when the user hovers over a crafted link.

Description

Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.

Exploits (1)

exploitdb WORKING POC
by Dominic Clark · textwebappsphp
https://www.exploit-db.com/exploits/50651

This exploit demonstrates an authenticated cross-site scripting (XSS) vulnerability in Open-AudIT Community 4.2.0. The vulnerability is triggered by injecting malicious JavaScript into the URL, which executes when the user hovers over a crafted link.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Open-AudIT Community <= 4.2.0
Auth required
Prerequisites: Authenticated session in Open-AudIT · User interaction (hovering over the crafted link)
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 6.1
EPSS 0.0371
EPSS Percentile 88.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
opmantek/open-audit < 4.2.0
Published Dec 20, 2021
Tracked Since Feb 18, 2026