Cross-site Scripting in OpenCRX
OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field.
Advisories for Maven/Org.opencrx/Opencrx-Core-Models package
2023
Cross-site Scripting in OpenCRX
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field.
Cross-site Scripting in OpenCRX
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number.
Cross-site Scripting in OpenCRX
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field.
Cross-site Scripting in OpenCRX
OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation.
Cross-site Scripting in OpenCRX
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field.
Cross-site Scripting in OpenCRX
OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field.
Cross-site Scripting in OpenCRX
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field.
2021
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance.