Filtered by vendor Opencats
Total: 24 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2023-27293 | 1 Opencats | 1 Opencats | 2024-08-02 | 6.1 Medium | Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users’ cookies and force users to make actions without their knowledge. |
CVE-2023-26845 | 1 Opencats | 1 Opencats | 2024-08-02 | 4.3 Medium | A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors. |
CVE-2023-26847 | 1 Opencats | 1 Opencats | 2024-08-02 | 5.4 Medium | A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates. |
CVE-2023-26846 | 1 Opencats | 1 Opencats | 2024-08-02 | 5.4 Medium | A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates. |