CVE-2026-49490
- EPSS 0.25%
- Published 31.05.2026 12:07:55
- Last modified 01.06.2026 16:55:20
OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. Attackers ...
CVE-2026-49489
- EPSS 0.26%
- Published 31.05.2026 12:04:48
- Last modified 01.06.2026 16:55:20
OpenCATS through 0.9.7.4 contains an SQL injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter ...
CVE-2021-47936
- EPSS 0.66%
- Published 10.05.2026 13:16:29
- Last modified 12.05.2026 14:24:15
OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers ...
CVE-2026-27760
- EPSS 22.19%
- Published 28.04.2026 13:43:24
- Last modified 28.04.2026 20:18:13
OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. At...
CVE-2023-26847
- EPSS 0.43%
- Published 11.04.2023 15:15:10
- Last modified 11.02.2025 16:15:36
A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates.
CVE-2023-26846
- EPSS 0.41%
- Published 11.04.2023 15:15:10
- Last modified 11.02.2025 16:15:36
A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates.
CVE-2023-26845
- EPSS 0.23%
- Published 11.04.2023 15:15:10
- Last modified 10.02.2025 16:15:33
A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors.
CVE-2023-27295
- EPSS 0.35%
- Published 28.02.2023 17:15:11
- Last modified 10.03.2025 15:15:36
Cross-site request forgery is facilitated by OpenCATS' failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes JavaScript in an authenticated user's session when visited.
CVE-2023-27294
- EPSS 0.53%
- Published 28.02.2023 17:15:11
- Last modified 21.03.2025 21:15:34
Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious JavaScript as the description for a calendar event, which would then be executed in other users' brow...
CVE-2023-27293
- EPSS 0.6%
- Published 28.02.2023 17:15:11
- Last modified 21.03.2025 21:15:34
Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious JavaScript as the answer to a questionnaire, which would then be executed when an authenticated user reviews the candidate's submission....