Opencats
by Opencats
CVEs (28)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-26846 | Opencats / Opencats | Medium | 0.35 | 5.4 | 0.00 | | Apr 11, 2023 | A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates. |
| CVE-2023-27295 | Opencats / Opencats | Medium | 0.35 | 5.4 | 0.00 | | Feb 28, 2023 | Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes Javascript in an authenticated user's session when visited. |
| CVE-2023-27294 | Opencats / Opencats | Medium | 0.35 | 5.4 | 0.01 | | Feb 28, 2023 | Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that… |
| CVE-2023-27292 | Opencats / Opencats | Medium | 0.35 | 5.4 | 0.01 | | Feb 28, 2023 | An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters. |
| CVE-2022-48013 | Opencats / Opencats | Medium | 0.35 | 5.4 | 0.01 | | Jan 27, 2023 | Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title… |
| CVE-2023-26845 | Opencats / Opencats | Medium | 0.28 | 4.3 | 0.00 | | Apr 11, 2023 | A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors. |
| CVE-2019-13358 | Opencats / Opencats | High | 0.05 | 7.5 | 0.24 | | Jul 5, 2019 | lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format. |
| CVE-2021-41560 | Opencats / Opencats | Critical | 0.01 | 9.8 | 0.11 | | Dec 15, 2021 | OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php. |
Page 2 of 2