Opencats: >> Opencats >> 0.9.7 Security Vulnerabilities
A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-04-11
A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-04-11
A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates.
CVSS Score
5.4
EPSS Score
0.005
Published
2023-04-11
Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function.
CVSS Score
9.8
EPSS Score
0.012
Published
2023-01-27
Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd.
CVSS Score
6.1
EPSS Score
0.038
Published
2023-01-27
Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title text fields.
CVSS Score
5.4
EPSS Score
0.003
Published
2023-01-27