VYPR

Opencats

by Opencats

Source repositories

CVEs (28)

  • CVE-2023-26846 (Medium) Apr 11, 2023
    risk 0.35, cvss 5.4, epss 0.00

    A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates.

  • CVE-2023-27295 (Medium) Feb 28, 2023
    risk 0.35, cvss 5.4, epss 0.00

    Cross-site request forgery is facilitated by OpenCATS' failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes JavaScript in an authenticated user's session when visited.

  • CVE-2023-27294 (Medium) Feb 28, 2023
    risk 0.35, cvss 5.4, epss 0.01

    Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious JavaScript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that…

  • CVE-2023-27292 (Medium) Feb 28, 2023
    risk 0.35, cvss 5.4, epss 0.01

    An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters.

  • CVE-2022-48013 (Medium) Jan 27, 2023
    risk 0.35, cvss 5.4, epss 0.01

    Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title…

  • CVE-2023-26845 (Medium) Apr 11, 2023
    risk 0.28, cvss 4.3, epss 0.00

    A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors.

  • CVE-2019-13358 (High) Jul 5, 2019
    risk 0.05, cvss 7.5, epss 0.24

    lib/DocumentToText.php in OpenCATS before 0.9.4-3 has an XXE vulnerability that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format.

  • CVE-2021-41560 (Critical) Dec 15, 2021
    risk 0.01, cvss 9.8, epss 0.11

    OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php.
