Maven package
org.opencrx/opencrx-core-config
pkg:maven/org.opencrx/opencrx-core-config
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-25959 | — | >= 4.0.0, < 5.2.0 | 5.2.0 | Sep 29, 2021 | In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance. |
- CVE-2021-25959Sep 29, 2021affected >= 4.0.0, < 5.2.0fixed 5.2.0
In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance.