Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opencats opencats vulnerabilities and exploits
(subscribe to this query)
446
VMScore
CVE-2019-13358
lib/DocumentToText.php in OpenCats prior to 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format.
Opencats Opencats
3 Github repositories
890
VMScore
CVE-2021-41560
OpenCATS up to and including 0.9.6 allows remote malicious users to execute arbitrary code by uploading an executable file via lib/FileUtility.php.
Opencats Opencats
1 Github repository
383
VMScore
CVE-2021-25295
OpenCATS up to and including 0.9.5-3 has multiple Cross-site Scripting (XSS) issues.
Opencats Opencats
890
VMScore
CVE-2021-25294
OpenCATS up to and including 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:ActivityDataGrid parameter. The PHP object injection exploit chain can lev...
Opencats Opencats
NA
CVE-2022-48011
Opencats v0.9.7 exists to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function.
Opencats Opencats 0.9.7
NA
CVE-2022-48012
Opencats v0.9.7 exists to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd.
Opencats Opencats 0.9.7
NA
CVE-2022-48013
Opencats v0.9.7 exists to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title tex...
Opencats Opencats 0.9.7
NA
CVE-2023-26846
A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates.
Opencats Opencats 0.9.7
3 Github repositories
NA
CVE-2023-26847
A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates.
Opencats Opencats 0.9.7
3 Github repositories
NA
CVE-2022-43014
OpenCATS v0.9.6 exists to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter.
Opencats Opencats 0.9.6
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »