CVE-2022-48013

Name of the Vulnerable Software and Affected Versions Opencats version 0.9.7

Description The issue is related to a stored cross-site scripting (XSS) vulnerability in the /opencats/index.php?m=calendar component. This allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title text fields.

Recommendations For Opencats version 0.9.7, consider disabling the calendar component until a patch is available. Restrict access to the /opencats/index.php?m=calendar endpoint to minimize the risk of exploitation. Avoid using the Description and Title text fields in the affected component until the issue is resolved.