2023
| Date | CVE ID | Description |
|---|---|---|
| 11/04/2023 | CVE-2023-26845 | A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors. |
| 11/04/2023 | CVE-2023-26846 | A stored Cross-Site Scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates. |
| 11/04/2023 | CVE-2023-26847 | A stored Cross-Site Scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates. |
2024
| Date | CVE ID | Description |
|---|---|---|
| 01/30/2024 | CVE-2024-22643 | A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets. |
| 01/30/2024 | CVE-2024-22646 | An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system. |
| 01/30/2024 | CVE-2024-22647 | An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames. |
| 01/30/2024 | CVE-2024-22648 | A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment. |