Reflected XSS Vulnerability in OpenCATS by HansMach1ne
CVE-2022-43015

6.1MEDIUM

Key Information:

Vendor: Opencats
Status: Opencats
Vendor: CVE Published:; 19 October 2022

What is CVE-2022-43015?

OpenCATS version v0.9.6 has been identified to be vulnerable to a reflected cross-site scripting (XSS) attack. This vulnerability is triggered via the 'entriesPerPage' parameter, which can be exploited by attackers to execute arbitrary JavaScript code in a user's browser. Successful exploitation could lead to unauthorized actions taken on behalf of the user, stealing cookies, and compromising sensitive information. It is crucial for users of OpenCATS to apply security best practices and to update to the latest version to mitigate potential risks.

References

https://github.com/hansmach1ne/opencats_zero-days/blob/ma...

https://github.com/hansmach1ne/CVE-portfolio/tree/main/CV...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 19, 2022
Vulnerability Reserved
Oct 17, 2022

CVE-2022-43015 Data

JSON

Opencats

What is CVE-2022-43015?

References

CVSS V3.1

Timeline