CVE-2023-27295

medium

Description

Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes Javascript in an authenticated user's session when visited.

References

https://www.tenable.com/security/research/tra-2023-8

Details

Source: MITRE

Published: 2023-02-28

Updated: 2023-03-04

Type: CWE-352