CVE-2023-26846
OpenCATS 0.9.7 is affected by a stored XSS vulnerability in the city parameter of opencats/index.php?m=candidates. The issue allows execution of arbitrary web scripts/HTML in a victim’s browser. Root cause is a stored XSS in that endpoint; no fix version is provided in the documents. Practical im...