OpenCats Cross-Site Scripting Vulnerability
OpenCats is an open source recruitment process management system. A security vulnerability exists in OpenCats version v0.9.6: an attacker can use its callback component to carry out reflected cross-site scripting. No detailed vulnerability details are available...
OpenCats SQL Injection Vulnerability
OpenCats is an open source recruitment process management system. OpenCats v0.9.6 suffers from a SQL injection vulnerability that stems from a security issue with the tagid variable in the tag delete function. No detailed vulnerability details are provided at this time...
CVE-2022-43015
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage parameter...
CVE-2022-43018
OpenCATS v0.9.6 is affected by a reflected XSS in the Check Email function via the email parameter. The root cause is insufficient input validation, allowing an attacker to inject script in a user’s browser and potentially steal session cookies. Documented impacts include cookie theft and related...
OpenCats SQL Injection Vulnerability
OpenCats is an open source recruitment process management system. OpenCats v0.9.6 suffers from a SQL injection vulnerability that stems from a security issue with the importID parameter in the Import viewerrors function. No detailed vulnerability details are available at this time...
CVE-2022-43022
OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tagid variable in the Tag deletion function...
OpenCats Cross-Site Scripting Vulnerability
OpenCats is an open source recruitment process management system. A security vulnerability exists in OpenCats version v0.9.6: an attacker can use its indexFile component to carry out reflected cross-site scripting. Currently there is no detailed vulnerability detai...
CVE-2022-43016
OpenCATS 0.9.6 contains a reflected XSS vulnerability in the callback component. An attacker could inject arbitrary JavaScript into a user’s browser within the OpenCATS site context, potentially stealing cookie-based credentials and enabling further attacks. The issue is documented across multipl...
CVE-2022-43015
OpenCATS v0.9.6 contains a reflected cross-site scripting (XSS) vulnerability exploitable via the entriesPerPage parameter. An attacker can inject arbitrary JavaScript code that runs in a user’s browser, potentially stealing cookies or performing actions in the user’s context. The issue is tied t...
CVE-2022-43014
OpenCATS v0.9.6 contains a reflected cross-site scripting (XSS) vulnerability in the joborderID parameter. An attacker can inject arbitrary script into the victim’s browser context, potentially stealing cookie-based authentication credentials and enabling further attacks. Practical impact include...
CVE-2022-43023
CVE-2022-43023 affects OpenCATS v0.9.6. A SQL injection vulnerability exists in the Import viewerrors function via the importID parameter. According to multiple sources, the CVSSv3.1 base score is 6.5 (MEDIUM) with network attack vector, low complexity, privileges required: LOW, no user interact...
CVE-2022-43022
OpenCATS v0.9.6 contains a SQL injection vulnerability in the Tag deletion function exposed via the tag_id variable. This affects the application’s ability to securely handle tag deletion requests and could lead to unauthorized data access or manipulation, depending on the attacker’s input. The i...
CVE-2022-43021
OpenCATS v0.9.6 is affected by a SQL injection via the entriesPerPage parameter. Affected component: OpenCATS ATS core data handling; root cause: unsafe handling of the entriesPerPage input enabling arbitrary SQL behavior. Impact per sources: potential confidentiality loss (C), with no evi...
CVE-2022-43017
OpenCATS v0.9.6 contains a reflected XSS vulnerability via the indexFile component. An attacker can inject arbitrary JavaScript in the victim’s browser, running in the site’s context and potentially exposing cookie-based credentials and enabling additional attacks. The issue arises from OpenCATS ...
PT-2022-26707 · Opencats · Opencats
Name of the Vulnerable Software and Affected Versions: OpenCATS version 0.9.6 Description: A SQL injection issue was found in the Import viewerrors function via the importID parameter. Recommendations: For OpenCATS version 0.9.6, avoid using the importID parameter in the Import viewerrors functio...
EUVD-2022-46068
OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality...
CVE-2022-43019
CVE-2022-43019: OpenCats/OpenCATS v0.9.6 has a remote code execution (RCE) flaw via the getDataGridPager AJAX function. The issue affects the OpenCATS web UI component and is described as a vulnerable path in the AJAX handling, leading to high impact (CVE indicates CRITICAL, network acces...
CVE-2022-43019
OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality...
PT-2022-26703 · Opencats · Opencats
Name of the Vulnerable Software and Affected Versions: OpenCATS version 0.9.6 Description: The issue is related to a remote code execution vulnerability. It affects the getDataGridPager functionality, specifically through its ajax functionality. Recommendations: For OpenCATS version 0.9.6, as a...