Cross-Site Request Forgery in OpenCATS Affects User Sessions
CVE-2023-27295

5.4 MEDIUM

Key Information:

Vendor

Opencats

Status
Vendor
CVE Published: 28 February 2023

What is CVE-2023-27295?

OpenCATS is vulnerable to cross-site request forgery (CSRF) due to the absence of required CSRF tokens in POST requests. This flaw enables an attacker to craft a malicious page that, when accessed by an authenticated user, can execute JavaScript commands within that user's session. Such exploitation could lead to unauthorized actions being performed on behalf of the user, potentially compromising sensitive data and user trust.

Affected Version(s)

OpenCATS 0.9.6

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
