Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opencats opencats vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-27293
Improper neutralization of input during web page generation allows an unauthenticated malicious user to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used...
Opencats Opencats 0.9.6
5.4
CVSSv3
CVE-2023-27292
An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters.
Opencats Opencats 0.9.6
5.4
CVSSv3
CVE-2023-27294
Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to th...
Opencats Opencats 0.9.6
5.4
CVSSv3
CVE-2023-27295
Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes Javascript in an authenticated user's session when visited.
Opencats Opencats 0.9.6
4.3
CVSSv3
CVE-2023-26845
A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows malicious users to force users into submitting web requests via unspecified vectors.
Opencats Opencats 0.9.7
3 Github repositories
5.4
CVSSv3
CVE-2023-26846
A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates.
Opencats Opencats 0.9.7
3 Github repositories
5.4
CVSSv3
CVE-2023-26847
A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates.
Opencats Opencats 0.9.7
3 Github repositories
9.8
CVSSv3
CVE-2022-48011
Opencats v0.9.7 exists to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function.
Opencats Opencats 0.9.7
6.1
CVSSv3
CVE-2022-48012
Opencats v0.9.7 exists to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd.
Opencats Opencats 0.9.7
5.4
CVSSv3
CVE-2022-48013
Opencats v0.9.7 exists to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title tex...
Opencats Opencats 0.9.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »