Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opencats opencats vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2021-41560
OpenCATS up to and including 0.9.6 allows remote malicious users to execute arbitrary code by uploading an executable file via lib/FileUtility.php.
Opencats Opencats
1 Github repository
10
CVSSv2
CVE-2021-25294
OpenCATS up to and including 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:ActivityDataGrid parameter. The PHP object injection exploit chain can lev...
Opencats Opencats
5
CVSSv2
CVE-2019-13358
lib/DocumentToText.php in OpenCats prior to 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format.
Opencats Opencats
3 Github repositories
4.3
CVSSv2
CVE-2021-25295
OpenCATS up to and including 0.9.5-3 has multiple Cross-site Scripting (XSS) issues.
Opencats Opencats
NA
CVE-2023-26846
A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates.
Opencats Opencats 0.9.7
3 Github repositories
NA
CVE-2023-26847
A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates.
Opencats Opencats 0.9.7
3 Github repositories
NA
CVE-2023-26845
A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows malicious users to force users into submitting web requests via unspecified vectors.
Opencats Opencats 0.9.7
3 Github repositories
NA
CVE-2023-27293
Improper neutralization of input during web page generation allows an unauthenticated malicious user to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used...
Opencats Opencats 0.9.6
NA
CVE-2023-27292
An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters.
Opencats Opencats 0.9.6
NA
CVE-2023-27294
Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to th...
Opencats Opencats 0.9.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »