CVE-2022-43017
- EPSS 1.33%
- Veröffentlicht 19.10.2022 18:15:13
- Zuletzt bearbeitet 24.09.2025 19:45:10
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component.
CVE-2022-43016
- EPSS 1.33%
- Veröffentlicht 19.10.2022 18:15:13
- Zuletzt bearbeitet 24.09.2025 19:45:16
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback component.
CVE-2022-43015
- EPSS 1.28%
- Veröffentlicht 19.10.2022 18:15:13
- Zuletzt bearbeitet 24.09.2025 19:45:21
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage parameter.
CVE-2022-43014
- EPSS 1.28%
- Veröffentlicht 19.10.2022 18:15:13
- Zuletzt bearbeitet 24.09.2025 19:43:07
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter.
- EPSS 11.13%
- Veröffentlicht 15.12.2021 07:15:07
- Zuletzt bearbeitet 21.11.2024 06:26:25
OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php.
CVE-2021-25295
- EPSS 1.52%
- Veröffentlicht 18.01.2021 06:15:13
- Zuletzt bearbeitet 21.11.2024 05:54:42
OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issues.
- EPSS 10.68%
- Veröffentlicht 18.01.2021 06:15:12
- Zuletzt bearbeitet 21.11.2024 05:54:41
OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:ActivityDataGrid parameter. The PHP object injection exp...
CVE-2019-13358
- EPSS 23.85%
- Veröffentlicht 05.07.2019 21:15:10
- Zuletzt bearbeitet 21.11.2024 04:24:47
lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format.