Cross-site request forgery is facilitated by OpenCATS's failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes JavaScript in an authenticated user's session when visited.
[
{
"vendor": "n/a",
"product": "OpenCATS",
"versions": [
{
"version": "0.9.6",
"status": "affected"
}
]
}
]