Mateo Hanžek - Security Researcher - Exploit Intelligence Platform

CVE-2022-43014 WRITEUP MEDIUM WORKING POC

Opencats - XSS

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter.

CVSS 6.1

View Code

CVE-2022-43015 WRITEUP MEDIUM WORKING POC

Opencats - XSS

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage parameter.

CVSS 6.1

View Code

CVE-2022-43016 WRITEUP MEDIUM WORKING POC

Opencats - XSS

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback component.

CVSS 6.1

View Code

CVE-2022-43017 WRITEUP MEDIUM WRITEUP

Opencats - XSS

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component.

CVSS 6.1

View Code

CVE-2022-43018 WRITEUP MEDIUM WORKING POC

Opencats - XSS

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function.

CVSS 6.1

View Code

CVE-2022-43019 WRITEUP CRITICAL WRITEUP

Opencats - Insecure Deserialization

OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality.

CVSS 9.8

View Code

CVE-2022-43020 WRITEUP MEDIUM WORKING POC

Opencats - SQL Injection

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function.

CVSS 6.5

View Code

CVE-2022-43021 WRITEUP MEDIUM WORKING POC

Opencats - SQL Injection

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage variable.

CVSS 6.5

View Code

CVE-2022-43023 WRITEUP MEDIUM WORKING POC

Opencats - SQL Injection

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function.

CVSS 6.5

View Code