Opencats v0.9.7 exists to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd.
opencats opencats 0.9.7