CVE-2023-27295

Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes Javascript in an authenticated user's session when visited. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt