Opencrx CVE - OpenCVE

Filtered by vendor Opencrx Subscribe

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 10 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-27150	1 Opencrx	1 Opencrx	2024-01-03	N/A	5.4 MEDIUM
openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity.
CVE-2023-40813	1 Opencrx	1 Opencrx	2023-11-22	N/A	6.1 MEDIUM
OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation.
CVE-2023-40817	1 Opencrx	1 Opencrx	2023-11-22	N/A	6.1 MEDIUM
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field.
CVE-2023-40816	1 Opencrx	1 Opencrx	2023-11-22	N/A	6.1 MEDIUM
OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field.
CVE-2023-40815	1 Opencrx	1 Opencrx	2023-11-22	N/A	6.1 MEDIUM
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field.
CVE-2023-40814	1 Opencrx	1 Opencrx	2023-11-22	N/A	6.1 MEDIUM
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field.
CVE-2023-40812	1 Opencrx	1 Opencrx	2023-11-22	N/A	6.1 MEDIUM
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field.
CVE-2023-40810	1 Opencrx	1 Opencrx	2023-11-22	N/A	6.1 MEDIUM
OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field.
CVE-2023-40809	1 Opencrx	1 Opencrx	2023-11-22	N/A	6.1 MEDIUM
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number.
CVE-2021-25959	1 Opencrx	1 Opencrx	2021-10-07	4.3 MEDIUM	6.1 MEDIUM
In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance.

Vulnerabilities (CVE)

CVSS v3 Filter

Search