Maven package
org.opencrx/opencrx-client
pkg:maven/org.opencrx/opencrx-client
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-46502 | — | | | < 5.3.0 | 5.3.0 | Oct 30, 2023 | An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory. |
| CVE-2022-40084 | — | | | < 5.2.2 | 5.2.2 | Oct 20, 2022 | OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid. |
| CVE-2021-25959 | — | | | >= 4.0.0, < 5.2.0 | 5.2.0 | Sep 29, 2021 | In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance. |