CVE-2023-27295

medium

Description

Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes Javascript in an authenticated user's session when visited.

References

https://www.tenable.com/security/research/tra-2023-8

Details

Source: Mitre, NVD

Published: 2023-02-28

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Severity: Medium