CVE-2023-26847

Published: 11/04/2023 Updated: 21/04/2023
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 0

Vulnerability Summary

A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates.

Vulnerable Product

opencats opencats 0.9.7

Github Repositories

Just a whoami.

cassis@pwnbox:~$ whoami
I am 22 years old and live in Rome
Cyber Security Analyst & Security Researcher

List of vulnerabilities that I discovered.

🗂 CVE 2023

Date | CVE ID | Description
11/04/2023 | CVE-2023-26845 | A Cross-Site Request Forgery (CSRF) in OpenCATS 097 allows attackers to force users into submitting web requests via unspecified vectors
11/04/2023 | CVE-2023-26846 | A stored Cross-Site Scripting (XSS) vulnerability in OpenCATS v097 allows attackers to execute arbitrary web scripts or HTML via a crafte
