Reflected Cross-Site Scripting in Opencats by Sakura-501
CVE-2022-48012

6.1MEDIUM

Key Information:

Vendor: Opencats
Status: Opencats
Vendor: CVE Published:; 27 January 2023

What is CVE-2022-48012?

Opencats version 0.9.7 has a vulnerability that allows for reflected cross-site scripting via the component /opencats/index.php?m=settings&a=ajax_tags_upd. This flaw enables attackers to inject malicious scripts, potentially compromising user sessions and leading to unauthorized access to sensitive information. It's crucial for administrators and users to assess their exposure and take corrective actions to safeguard their systems.

References

https://github.com/Sakura-501/Opencats-0.9.7-Vulnerabilities

https://github.com/Sakura-501/Opencats-0.9.7-Vulnerabilit...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 27, 2023
Vulnerability Reserved
Dec 29, 2022

CVE-2022-48012 Data

JSON