274 matches found
CVE-2022-43021
OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage variable...
CVE-2022-43018
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting XSS vulnerability via the email parameter in the Check Email function...
CVE-2021-25294
OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:ActivityDataGrid parameter. The PHP object injection exploit chain can leverage an destruct magic metho...
CVE-2021-25295
OpenCATS through 0.9.5-3 has multiple Cross-site Scripting XSS issues...
CVE-2019-13358
lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format...
The vulnerability of the indexFile component in the process management system of OpenCATS allows a hacker to perform cross-site scripting attacks.
The vulnerability of the indexFile component in the OpenCATS process management system is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
The vulnerability of the OpenCATS personnel recruitment system lies in the lack of measures to protect the website structure, allowing attackers to carry out cross-site scripting attacks.
The vulnerability of the OpenCATS personnel recruitment system management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using the joborderID parameter...
The vulnerability of the callback component of the OpenCATS workforce management system allows attackers to perform cross-site scripting attacks.
The vulnerability of the callback component of the OpenCATS workforce management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
The vulnerability of the Check Email function in the OpenCATS workforce management system allows a hacker to perform cross-site scripting attacks.
The vulnerability of the Check Email function in the OpenCATS workforce management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using the email parameter...
OpenCATS Cross-Site Scripting Vulnerability (CNVD-2023-29368)
OpenCATS is a leading open source applicant tracking system for recruiters and companies. A security vulnerability exists in OpenCats v0.9.7. An attacker could use the vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the state parameter of...
CVE-2023-26845
A Cross-Site Request Forgery CSRF in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors...
CVE-2023-26847
A stored cross-site scripting XSS vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates...
CVE-2023-26846
A stored cross-site scripting XSS vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates...
CVE-2023-26847
A stored cross-site scripting XSS vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates...
CVE-2023-26845
A Cross-Site Request Forgery CSRF in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors...
CVE-2023-26846
A stored cross-site scripting XSS vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates...
Cross site request forgery (csrf)
A Cross-Site Request Forgery CSRF in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors...
Cross site scripting
A stored cross-site scripting XSS vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates...
Cross site scripting
A stored cross-site scripting XSS vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates...
CVE-2023-26845
A Cross-Site Request Forgery CSRF in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors...