Stored Cross-Site Scripting Vulnerability in Opencats by Sakura-501
CVE-2022-48013

5.4 MEDIUM

Key Information:

Vendor: Opencats
CVE Published: 27 January 2023

What is CVE-2022-48013?

Opencats version 0.9.7 is vulnerable to stored cross-site scripting (XSS) in the calendar component at /opencats/index.php?m=calendar. Untrusted input submitted in the Description or Title fields is stored and later rendered without adequate sanitization, which lets an attacker execute arbitrary web scripts or HTML in the affected application. Users are strongly encouraged to implement security measures to safeguard against exploitation of this vulnerability.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
