Vulnerabilities > Opencats

DATE	CVE	VULNERABILITY TITLE	RISK
2023-04-11	CVE-2023-26845	Cross-Site Request Forgery (CSRF) vulnerability in Opencats 0.9.7 A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors. network low complexity opencats CWE-352	4.3
2023-04-11	CVE-2023-26846	Cross-site Scripting vulnerability in Opencats 0.9.7 A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates. network low complexity opencats CWE-79	5.4
2023-04-11	CVE-2023-26847	Cross-site Scripting vulnerability in Opencats 0.9.7 A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates. network low complexity opencats CWE-79	5.4
2023-02-28	CVE-2023-27292	Open Redirect vulnerability in Opencats 0.9.6 An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters. network low complexity opencats CWE-601	5.4
2023-02-28	CVE-2023-27293	Cross-site Scripting vulnerability in Opencats 0.9.6 Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. network low complexity opencats CWE-79	6.1
2023-02-28	CVE-2023-27294	Cross-site Scripting vulnerability in Opencats 0.9.6 Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. network low complexity opencats CWE-79	5.4
2023-02-28	CVE-2023-27295	Cross-Site Request Forgery (CSRF) vulnerability in Opencats 0.9.6 Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. network low complexity opencats CWE-352	5.4
2023-01-27	CVE-2022-48011	SQL Injection vulnerability in Opencats 0.9.7 Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. network low complexity opencats CWE-89 critical	9.8
2023-01-27	CVE-2022-48012	Cross-site Scripting vulnerability in Opencats 0.9.7 Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd. network low complexity opencats CWE-79	6.1
2023-01-27	CVE-2022-48013	Cross-site Scripting vulnerability in Opencats 0.9.7 Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. network low complexity opencats CWE-79	5.4

Vulnerabilities > Opencats {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Opencats"}]}

Vulnerabilities > Opencats