opencats 漏洞與 CVE 列表(27)

產品(CPE): — CVE 數: 27

opencats 漏洞概覽

彙總 opencats 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

已披露問題常與 SQL 注入、CSRF與XXE 相關,可能在 軟體部署與生產負載 場景中帶來 工作階段劫持與資料外洩 等暴露風險。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 12027 CVE 數
«« 第一頁 « 上一頁 第 1 / 2 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2026-49490 OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. Attackers can bypass column filterable restrictions by manipulating filter requests to execute arbitrary SQL queries against the database. [email protected] 8.6 0.25% 2026-05-31 2026-06-17
CVE-2026-49489 OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform time-based blind injection attacks and read sensitive data. [email protected] 8.4 0.26% 2026-05-31 2026-06-17
CVE-2021-47936 OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and execute system commands via POST requests to the uploaded file in the upload directory. [email protected] 9.3 0.66% 2026-05-10 2026-06-17
CVE-2023-26847 A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates. [email protected] 5.4 0.43% 2023-04-11 2026-06-17
CVE-2023-26846 A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates. [email protected] 5.4 0.41% 2023-04-11 2026-06-17
CVE-2023-26845 A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors. [email protected] 4.3 0.23% 2023-04-11 2026-06-17
CVE-2023-27295 Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes Javascript in an authenticated user's session when visited. [email protected] 5.4 0.35% 2023-02-28 2026-06-17
CVE-2023-27294 Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could result in stealing session tokens from users with higher permission levels or forcing users to make actions without their knowledge. [email protected] 5.4 0.51% 2023-02-28 2026-06-17
CVE-2023-27293 Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users’ cookies and force users to make actions without their knowledge. [email protected] 6.1 0.60% 2023-02-28 2026-06-17
CVE-2023-27292 An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters. [email protected] 5.4 1.03% 2023-02-28 2026-06-17
CVE-2022-48013 Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title text fields. [email protected] 5.4 0.52% 2023-01-27 2026-06-17
CVE-2022-48012 Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd. [email protected] 6.1 1.37% 2023-01-27 2026-06-17
CVE-2022-48011 Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. [email protected] 9.8 1.05% 2023-01-27 2026-06-17
CVE-2022-43023 OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. [email protected] 6.5 0.78% 2022-10-19 2026-06-17
CVE-2022-43022 OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag deletion function. [email protected] 6.5 0.78% 2022-10-19 2026-06-17
CVE-2022-43021 OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage variable. [email protected] 6.5 0.78% 2022-10-19 2026-06-17
CVE-2022-43020 OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function. [email protected] 6.5 0.78% 2022-10-19 2026-06-17
CVE-2022-43019 OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality. [email protected] 9.8 1.83% 2022-10-19 2026-06-17
CVE-2022-43018 OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function. [email protected] 6.1 1.33% 2022-10-19 2026-06-17
CVE-2022-43017 OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component. [email protected] 6.1 1.33% 2022-10-19 2026-06-17
«« 第一頁 « 上一頁 第 1 / 2 頁 下一頁 »
cvelogic Threat Intelligence