CVE-2023-27294

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-27294

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-27294.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-27294

Published

2023-02-28T17:15:11.487Z

Modified

2025-11-15T06:22:10.040006Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could result in stealing session tokens from users with higher permission levels or forcing users to make actions without their knowledge.

References

https://www.tenable.com/security/research/tra-2023-8

Affected packages

Git / github.com/opencats/opencats

Affected ranges

Type: GIT
Repo: https://github.com/opencats/opencats
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2764566bcb37ebde9e87f9106e9defed3d7d7c0c

Affected versions

0.*

0.9.1a

0.9.3

0.9.3-1

0.9.3-2

0.9.3-2-test-release

0.9.3-3

0.9.3-3-test-release

0.9.4

0.9.4-1

0.9.4-2

0.9.4-3

0.9.6

Other

delete

opencats-0.*

opencats-0.9.3

opencats-0.9.3(alpha)

opencats-0.9.3(final)

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-27294.json"