Reflected Cross-Site Scripting Vulnerability in OpenCATS by OpenCATS Team
CVE-2022-43014

6.1MEDIUM

Key Information:

Vendor: Opencats
Status: Opencats
Vendor: CVE Published:; 19 October 2022

What is CVE-2022-43014?

OpenCATS v0.9.6 is vulnerable to a reflected cross-site scripting (XSS) flaw, allowing attackers to inject malicious scripts through the joborderID parameter. Exploitation of this vulnerability can lead to unauthorized access, data interception, and other malicious actions, raising significant security concerns for users of this version of the software.

References

https://github.com/hansmach1ne/opencats_zero-days/blob/ma...

https://github.com/hansmach1ne/CVE-portfolio/tree/main/CV...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 19, 2022
Vulnerability Reserved
Oct 17, 2022

CVE-2022-43014 Data

JSON

Opencats

What is CVE-2022-43014?

References

CVSS V3.1

Timeline