DATE CVE VULNERABILITY TITLE RISK
2023-02-28 CVE-2023-27292 Open Redirect vulnerability in Opencats 0.9.6
An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters.
network
low complexity
opencats CWE-601
5.4
2023-02-28 CVE-2023-27293 Cross-site Scripting vulnerability in Opencats 0.9.6
Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious JavaScript as the answer to a questionnaire, which would then be executed when an authenticated user reviews the candidate's submission.
network
low complexity
opencats CWE-79
6.1
2023-02-28 CVE-2023-27294 Cross-site Scripting vulnerability in Opencats 0.9.6
Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious JavaScript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event.
network
low complexity
opencats CWE-79
5.4
2023-02-28 CVE-2023-27295 Cross-Site Request Forgery (CSRF) vulnerability in Opencats 0.9.6
Cross-site request forgery is facilitated by OpenCATS's failure to require CSRF tokens in POST requests.
network
low complexity
opencats CWE-352
5.4
2022-10-19 CVE-2022-43014 Cross-site Scripting vulnerability in Opencats 0.9.6
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter.
network
low complexity
opencats CWE-79
6.1
2022-10-19 CVE-2022-43015 Cross-site Scripting vulnerability in Opencats 0.9.6
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage parameter.
network
low complexity
opencats CWE-79
6.1
2022-10-19 CVE-2022-43016 Cross-site Scripting vulnerability in Opencats 0.9.6
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback component.
network
low complexity
opencats CWE-79
6.1
2022-10-19 CVE-2022-43017 Cross-site Scripting vulnerability in Opencats 0.9.6
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component.
network
low complexity
opencats CWE-79
6.1
2022-10-19 CVE-2022-43018 Cross-site Scripting vulnerability in Opencats 0.9.6
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function.
network
low complexity
opencats CWE-79
6.1
2022-10-19 CVE-2022-43019 Deserialization of Untrusted Data vulnerability in Opencats 0.9.6
OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality.
network
low complexity
opencats CWE-502
critical
9.8