opencats

Top products

The 15 most recently published vulnerabilities affecting opencats.

• CVE-2026-49490OpenCATS - SQL Injection in DataGrid Filter Handling for Tags Column8.1May 31, 2026
• CVE-2026-49489OpenCATS - SQL Injection in DataGrid sortDirection Parameter8.5May 31, 2026
• CVE-2021-47936OpenCATS 0.9.4 Remote Code Execution via Resume Upload9.8May 10, 2026
• CVE-2026-27760OpenCATS PHP Code Injection via installer AJAX endpoint8.1Apr 28, 2026
• CVE-2023-26847A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/in...5.4Apr 11, 2023
• CVE-2023-26846A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/ind...5.4Apr 11, 2023
• CVE-2023-26845A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors.4.3Apr 11, 2023
• CVE-2023-27295Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes Javascript in an aut...5.4Feb 28, 2023
• CVE-2023-27294Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar eve...5.4Feb 28, 2023
• CVE-2023-27293Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an a...6.1Feb 28, 2023
• CVE-2023-27292An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters.5.4Feb 28, 2023
• CVE-2022-48013Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary...5.4Jan 27, 2023
• CVE-2022-48012Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd.6.1Jan 27, 2023
• CVE-2022-48011Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function.9.8Jan 27, 2023
• CVE-2022-43023OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function.6.5Oct 19, 2022