274 matches found
OpenCats Cross-Site Request Forgery Vulnerability
OpenCats is an open source recruitment process management system. A security vulnerability exists in OpenCats version 0.9.6, which stems from a cross-site request forgery vulnerability that can be exploited by an attacker to execute JavaScript...
CVE-2023-27295
OpenCATS suffers a Cross-Site Request Forgery due to failure to require CSRF tokens on POST requests. An attacker can create a page that executes JavaScript within an authenticated user’s session. Multiple sources (e.g., CNNVD citing OpenCATS 0.9.6) corroborate the CSRF issue, but no concrete rem...
OpenCats Cross-Site Scripting Vulnerability
steal is an extensible, general-purpose module loader open-sourced by StealJS. It can load JavaScript modules defined in ES6, AMD and CommonJS formats. A security vulnerability exists in OpenCats version 0.9.6 that stems from improper input neutralization and can be exploited by an attacker to steal...
CVE-2023-27295
Cross-site request forgery is facilitated by OpenCATS's failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes JavaScript in an authenticated user's session when visited...
CVE-2023-27292
An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters...
OpenCats Input Validation Error Vulnerability
OpenCats is an open source recruitment process management system. A security vulnerability exists in OpenCats version 0.9.6, which stems from an open redirection vulnerability due to improper validation of user-supplied parameters...
PT-2023-21054 · Opencats · Opencats
Name of the Vulnerable Software and Affected Versions: OpenCATS (affected versions not specified). Description: The issue is related to an open redirect vulnerability that exposes OpenCATS to template injection. This occurs due to improper validation of user-supplied GET parameters. Recommendations:...
CVE-2023-27292
An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters...
CVE-2023-27292
OpenCATS (OpenCATS) has an open redirect vulnerability (CVE-2023-27292) caused by improper validation of user-supplied GET parameters, with potential exposure to template injection and related data access/modification risks. The Nuclei template confirms the issue as an open redirect, describing i...
CVE-2022-48013
Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title text fields...
CVE-2022-48012
Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajaxtagsupd...
CVE-2022-48011
Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function...
CVE-2022-48012
Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajaxtagsupd...
CVE-2022-48013
Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title text fields...
CVE-2022-48011
Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function...
Cross-site scripting
Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title text fields...
SQL injection
Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function...
Cross-site scripting
Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajaxtagsupd...
CVE-2022-48013
Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title text fields...
CVE-2022-48011
Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function...