Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opencats opencats 0.9.6 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-27292
An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters.
Opencats Opencats 0.9.6
6.1
CVSSv3
CVE-2023-27293
Improper neutralization of input during web page generation allows an unauthenticated malicious user to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used...
Opencats Opencats 0.9.6
5.4
CVSSv3
CVE-2023-27294
Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to th...
Opencats Opencats 0.9.6
5.4
CVSSv3
CVE-2023-27295
Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes Javascript in an authenticated user's session when visited.
Opencats Opencats 0.9.6
6.1
CVSSv3
CVE-2022-43014
OpenCATS v0.9.6 exists to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter.
Opencats Opencats 0.9.6
6.1
CVSSv3
CVE-2022-43015
OpenCATS v0.9.6 exists to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage parameter.
Opencats Opencats 0.9.6
6.1
CVSSv3
CVE-2022-43016
OpenCATS v0.9.6 exists to contain a reflected cross-site scripting (XSS) vulnerability via the callback component.
Opencats Opencats 0.9.6
6.1
CVSSv3
CVE-2022-43017
OpenCATS v0.9.6 exists to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component.
Opencats Opencats 0.9.6
9.8
CVSSv3
CVE-2022-43019
OpenCATS v0.9.6 exists to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality.
Opencats Opencats 0.9.6
6.5
CVSSv3
CVE-2022-43020
OpenCATS v0.9.6 exists to contain a SQL injection vulnerability via the tag_id variable in the Tag update function.
Opencats Opencats 0.9.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »