Reflected XSS Vulnerability in OpenCATS by HansMach1ne
CVE-2022-43017

6.1MEDIUM

Key Information:

Vendor: Opencats
Status: Opencats
Vendor: CVE Published:; 19 October 2022

What is CVE-2022-43017?

OpenCATS v0.9.6 is vulnerable to a reflected cross-site scripting (XSS) attack through the indexFile component. An attacker can exploit this vulnerability by crafting a malicious URL that, when accessed by a victim, executes arbitrary JavaScript in their browser, potentially leading to data theft or session hijacking. It is essential for users of OpenCATS to apply appropriate security measures to mitigate the risk associated with this vulnerability.

References

https://github.com/hansmach1ne/opencats_zero-days/blob/ma...

https://github.com/hansmach1ne/CVE-portfolio/tree/main/CV...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 19, 2022
Vulnerability Reserved
Oct 17, 2022

CVE-2022-43017 Data

JSON

Opencats

What is CVE-2022-43017?

References

CVSS V3.1

Timeline