
274 matches found

Vulnrichment
added 2023/04/11 12:0 a.m., 6 views

CVE-2023-26846

A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates...

AI score 5.2, EPSS 0.00412
Exploits: 0, References: 2
CNNVD
added 2023/04/11 12:0 a.m., 4 views

OpenCats Cross-Site Scripting Vulnerability

OpenCats is an open source recruitment process management system. A security vulnerability exists in OpenCATS version v0.9.7. An attacker can exploit this vulnerability to execute arbitrary Web script or HTML via a specially crafted payload injected into the city parameter of...

CVSS 5.4, AI score 5.6, EPSS 0.00412
Exploits: 0, References: 6
CNNVD
added 2023/04/11 12:0 a.m., 3 views

OpenCats Cross-Site Request Forgery Vulnerability

OpenCats is an open source recruitment process management system. A cross-site request forgery vulnerability exists in OpenCats version 0.9.7. An attacker could exploit this vulnerability to force a user to submit a web request via an unspecified vector...

CVSS 4.3, AI score 5, EPSS 0.00234
Exploits: 0, References: 6
CNNVD
added 2023/04/11 12:0 a.m., 2 views

OpenCats Cross-Site Scripting Vulnerability

OpenCATS is a leading open source applicant tracking system for recruiters and companies. A security vulnerability exists in OpenCats v0.9.7. An attacker could use the vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the state parameter of...

CVSS 5.4, AI score 6.7, EPSS 0.00429
Exploits: 0, References: 6
Cvelist
added 2023/04/11 12:0 a.m., 17 views

CVE-2023-26845

A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors...

AI score 4.9, EPSS 0.00234
Exploits: 0, References: 2
CVE
added 2023/04/11 12:0 a.m., 42 views

CVE-2023-26846

OpenCATS 0.9.7 is affected by a stored XSS vulnerability in the city parameter of opencats/index.php?m=candidates. The issue allows execution of arbitrary web scripts/HTML in a victim’s browser. Root cause is a stored XSS in that endpoint; no fix version is provided in the documents. Practical im...

CVSS 5.4, AI score 5.2, EPSS 0.00412
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2023/04/11 12:0 a.m., 4 views

PT-2023-20821 · Opencats · Opencats

Name of the Vulnerable Software and Affected Versions: OpenCATS version 0.9.7. Description: A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at "opencats/index.php?m=candidates". This enables...

CVSS 5.4, AI score 5.3, EPSS 0.00412
Exploits: 0, References: 7
CVE
added 2023/04/11 12:0 a.m., 36 views

CVE-2023-26845

CVE-2023-26845 concerns OpenCATS 0.9.7 with a Cross-Site Request Forgery (CSRF) flaw. The public data states that an attacker can coerce an authenticated user into submitting web requests via unspecified vectors. The CVSS metrics (NVD/CVE sources) describe a network-attack vector with low attack ...

CVSS 4.3, AI score 4.6, EPSS 0.00234
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2023/04/11 12:0 a.m., 5 views

CVE-2023-26847

A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates...

AI score 5.3, EPSS 0.00429
Exploits: 0, References: 2
Cvelist
added 2023/04/11 12:0 a.m., 24 views

CVE-2023-26846

A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates...

AI score 5.4, EPSS 0.00412
Exploits: 0, References: 2
Cvelist
added 2023/04/11 12:0 a.m., 20 views

CVE-2023-26847

A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates...

AI score 5.4, EPSS 0.00429
Exploits: 0, References: 2
CVE
added 2023/04/11 12:0 a.m., 50 views

CVE-2023-26847

OpenCATS v0.9.7 is affected by a stored XSS vulnerability. The issue arises from untrusted input in the state parameter of opencats/index.php?m=candidates, allowing attackers to inject and execute arbitrary web scripts/HTML when the payload is processed. Affected component: OpenCATS web applicati...

CVSS 5.4, AI score 5.2, EPSS 0.00429
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2023/02/28 5:15 p.m., 8 views

CVE-2023-27292

An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters...

CVSS 5.4, AI score 5.6, EPSS 0.01027
Exploits: 1, References: 1
NVD
added 2023/02/28 5:15 p.m., 11 views

CVE-2023-27295

Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes Javascript in an authenticated user's session when visited...

CVSS 5.4, AI score 5.5, EPSS 0.0035
Exploits: 1, References: 1
OSV
added 2023/02/28 5:15 p.m., 10 views

CVE-2023-27295

Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes Javascript in an authenticated user's session when visited...

CVSS 5.4, AI score 7
Exploits: 0, References: 1
OSV
added 2023/02/28 5:15 p.m., 6 views

CVE-2023-27292

An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters...

CVSS 5.4, AI score 7.3
Exploits: 0, References: 1
Prion
added 2023/02/28 5:15 p.m., 11 views

Cross site request forgery (csrf)

Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes Javascript in an authenticated user's session when visited...

CVSS 5.8, AI score 5.4, EPSS 0.0035
Exploits: 1, References: 1, Affected Software: 1
Prion
added 2023/02/28 5:15 p.m., 16 views

Open redirect

An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters...

CVSS 4.9, AI score 5.6, EPSS 0.01027
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2023/02/28 12:0 a.m., 6 views

CVE-2023-27295

Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes Javascript in an authenticated user's session when visited...

AI score 5.7, EPSS 0.0035
Exploits: 1, References: 1
CNNVD
added 2023/02/28 12:0 a.m., 3 views

OpenCats Cross-Site Scripting Vulnerability

OpenCats is an open source recruitment process management system. A security vulnerability exists in OpenCats version 0.9.6, which stems from improper input neutralization and can be exploited by an attacker to steal cookies from other users...

CVSS 6.1, AI score 6.2, EPSS 0.00596
Exploits: 1, References: 3