Forum rules: Just remember to play nicely once you walk through the door. You can disagree with us, or any other commenters in this forum, but keep comments directed to the topic at hand.
there are a few (already known) exploits on internal pages that required a valid username / password to exploit. The exploits are for version 0.9.7. These are already documented in the Security.MD file in the github repository. https://github.com/opencats/OpenCATS/bl ... ity.MD#xss
These should all be addressed with the most current release 0.9.7.2. Please test, report any issues in the github repository or email me - russh@opencats.org.
RussH
Report your issues and feature requests; https://github.com/opencats/opencats/issues