CVE-2023-27295 Information

Description

Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes Javascript in an authenticated user’s session when visited.

Reference

https://www.tenable.com/security/research/tra-2023-8