Published: 11/04/2023 Updated: 20/04/2023

CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8

VMScore: 0

A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows malicious users to force users into submitting web requests via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opencats opencats 0.9.7

Just a whoami.

cassis@pwnbox:~$ whoami I am 22 years old and live in Rome Cyber Security Analyst & Security Researcher

List of vulnerabilities that I discovered.

🗂 CVE 2023 Date CVE ID Description 11/04/2023 CVE-2023-26845 A Cross-Site Request Forgery (CSRF) in OpenCATS 097 allows attackers to force users into submitting web requests via unspecified vectors 11/04/2023 CVE-2023-26846 A stored Cross-Site Scripting (XSS) vulnerability in OpenCATS v097 allows attackers to execute arbitrary web scripts or HTML via a crafte

List of vulnerabilities that I discovered.

🗂 CVE 2023 Date CVE ID Description 11/04/2023 CVE-2023-26845 A Cross-Site Request Forgery (CSRF) in OpenCATS 097 allows attackers to force users into submitting web requests via unspecified vectors 11/04/2023 CVE-2023-26846 A stored Cross-Site Scripting (XSS) vulnerability in OpenCATS v097 allows attackers to execute arbitrary web scripts or HTML via a crafte

CWE-352 https://opencats.org https://github.com/cassis-sec/CVE/tree/main/2023/CVE-2023-26845 https://nvd.nist.gov https://github.com/cassis-sec/cassis-sec

CVE-2023-26845

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect