Headline
CVE-2022-43018: opencats_zero-days/XSS_in_checkEmail.md at main · hansmach1ne/opencats_zero-days
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function.
Permalink
1 contributor
Users who have contributed to this file
Cross Site Scripting vulnerability in the OpenCats ‘email’ parameter of Check Email functionality
OpenCats version 0.9.6 PHP7.2 suffers from reflected XSS vulnerability. This allows attackers arbitrary JavaScript injection, which compromises secure session between client and server.
PoC
GET /index.php?m=toolbar&callback=<script>alert`xss`</script>&a=checkEmailIsInSystem&email=<script>alert(document.domain)</script>