CVE-2023-27293

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-27293

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-27293.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-27293

Published

2023-02-28T17:15:11.427Z

Modified

2026-03-14T11:59:50.186430Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users’ cookies and force users to make actions without their knowledge.

References

https://www.tenable.com/security/research/tra-2023-8

Affected packages

Git / github.com/opencats/opencats

Affected ranges

Type

GIT

Repo

https://github.com/opencats/opencats

Events

Introduced

Last affected

2764566bcb37ebde9e87f9106e9defed3d7d7c0c

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.9.6"
        }
    ]
}

Affected versions

0.*

0.9.1a

0.9.3

0.9.3-1

0.9.3-2

0.9.3-2-test-release

0.9.3-3

0.9.3-3-test-release

0.9.4

0.9.4-1

0.9.4-2

0.9.4-3

0.9.6

Other

delete

opencats-0.*

opencats-0.9.3

opencats-0.9.3(alpha)

opencats-0.9.3(final)

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-27293.json"