CVE-2023-27295
OpenCATS suffers a Cross-Site Request Forgery due to failure to require CSRF tokens on POST requests. An attacker can create a page that executes JavaScript within an authenticated user’s session. Multiple sources (e.g., CNNVD citing OpenCATS 0.9.6) corroborate the CSRF issue, but no concrete rem...