Vulnerabilities > Opencats > Opencats > 0.9.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-11 | CVE-2023-26845 | Cross-Site Request Forgery (CSRF) vulnerability in Opencats 0.9.7 A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors. | 4.3 |
| 2023-04-11 | CVE-2023-26846 | Cross-site Scripting vulnerability in Opencats 0.9.7 A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates. | 5.4 |
| 2023-04-11 | CVE-2023-26847 | Cross-site Scripting vulnerability in Opencats 0.9.7 A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates. | 5.4 |
| 2023-01-27 | CVE-2022-48011 | SQL Injection vulnerability in Opencats 0.9.7 Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. | 9.8 |
| 2023-01-27 | CVE-2022-48012 | Cross-site Scripting vulnerability in Opencats 0.9.7 Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd. | 6.1 |
| 2023-01-27 | CVE-2022-48013 | Cross-site Scripting vulnerability in Opencats 0.9.7 Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. | 5.4 |