Maven package
org.opencrx/opencrx-core
pkg:maven/org.opencrx/opencrx-core
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-27150 | — | | | <= 5.2.0 | — | Dec 26, 2023 | openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity. |
| CVE-2021-25959 | — | | | >= 4.0.0, < 5.2.0 | 5.2.0 | Sep 29, 2021 | In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance. |