Stored Cross-Site Scripting Vulnerability in OpenCATS by OpenCATS Organization
CVE-2023-26846

5.4MEDIUM

Key Information:

Vendor: Opencats
Status: Opencats
Vendor: CVE Published:; 11 April 2023

What is CVE-2023-26846?

A stored cross-site scripting vulnerability exists in OpenCATS version 0.9.7, allowing attackers to inject and execute arbitrary web scripts or HTML. By using a specially crafted payload targeting the 'city' parameter in the opencats/index.php?m=candidates endpoint, unauthorized users can exploit this weakness to manipulate web content and potentially compromise user data.

References

https://opencats.org

https://github.com/cassis-sec/CVE/tree/main/2023/CVE-2023...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2023
Vulnerability Reserved
Feb 27, 2023

CVE-2023-26846 Data

JSON

Opencats

What is CVE-2023-26846?

References

CVSS V3.1

Timeline