Opencats

opencats

Vendor: Opencats • 24 CVEs

CVEs (24)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-26847 1Opencats 1Opencats Feb 11, 2025 Apr 11, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates.
CVE-2023-26846 1Opencats 1Opencats Feb 11, 2025 Apr 11, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates.
CVE-2023-26845 1Opencats 1Opencats Feb 10, 2025 Apr 11, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors.
CVE-2023-27295 1Opencats 1Opencats Mar 10, 2025 Feb 28, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes Javascript in an authenticated user's sessi...Show more Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes Javascript in an authenticated user's session when visited.Show less
CVE-2023-27294 1Opencats 1Opencats Mar 21, 2025 Feb 28, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be...Show more Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could result in stealing session tokens from users with higher permission levels or forcing users to make actions without their knowledge.Show less
CVE-2023-27293 1Opencats 1Opencats Mar 21, 2025 Feb 28, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user revie...Show more Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users’ cookies and force users to make actions without their knowledge.Show less
CVE-2023-27292 1Opencats 1Opencats Mar 21, 2025 Feb 28, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters.
CVE-2022-48013 1Opencats 1Opencats Mar 28, 2025 Jan 27, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML vi...Show more Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title text fields.Show less
CVE-2022-48012 1Opencats 1Opencats Mar 28, 2025 Jan 27, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd.
CVE-2022-48011 1Opencats 1Opencats Mar 28, 2025 Jan 27, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function.
CVE-2022-43023 1Opencats 1Opencats Sep 24, 2025 Oct 19, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function.
CVE-2022-43022 1Opencats 1Opencats Sep 24, 2025 Oct 19, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag deletion function.
CVE-2022-43021 1Opencats 1Opencats Sep 24, 2025 Oct 19, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage variable.
CVE-2022-43020 1Opencats 1Opencats Sep 24, 2025 Oct 19, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function.
CVE-2022-43019 1Opencats 1Opencats Sep 24, 2025 Oct 19, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality.
CVE-2022-43018 1Opencats 1Opencats Sep 24, 2025 Oct 19, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function.
CVE-2022-43017 1Opencats 1Opencats Sep 24, 2025 Oct 19, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component.
CVE-2022-43016 1Opencats 1Opencats Sep 24, 2025 Oct 19, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback component.
CVE-2022-43015 1Opencats 1Opencats Sep 24, 2025 Oct 19, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage parameter.
CVE-2022-43014 1Opencats 1Opencats Sep 24, 2025 Oct 19, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter.

12 Next