Maven package

org.opencrx/opencrx-core-models

pkg:maven/org.opencrx/opencrx-core-models

Vulnerabilities (9)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-40817	—	<= 5.2.0	—	Nov 18, 2023	OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field.
CVE-2023-40816	—	<= 5.2.0	—	Nov 18, 2023	OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field.
CVE-2023-40815	—	<= 5.2.0	—	Nov 18, 2023	OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field.
CVE-2023-40814	—	<= 5.2.0	—	Nov 18, 2023	OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field.
CVE-2023-40813	—	<= 5.2.0	—	Nov 18, 2023	OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation.
CVE-2023-40812	—	<= 5.2.0	—	Nov 18, 2023	OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field.
CVE-2023-40810	—	<= 5.2.0	—	Nov 18, 2023	OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field.
CVE-2023-40809	—	<= 5.2.0	—	Nov 18, 2023	OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number.
CVE-2021-25959	—	>= 4.0.0, < 5.2.0	5.2.0	Sep 29, 2021	In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance.

CVE-2023-40817Nov 18, 2023
affected <= 5.2.0
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field.
CVE-2023-40816Nov 18, 2023
affected <= 5.2.0
OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field.
CVE-2023-40815Nov 18, 2023
affected <= 5.2.0
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field.
CVE-2023-40814Nov 18, 2023
affected <= 5.2.0
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field.
CVE-2023-40813Nov 18, 2023
affected <= 5.2.0
OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation.
CVE-2023-40812Nov 18, 2023
affected <= 5.2.0
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field.
CVE-2023-40810Nov 18, 2023
affected <= 5.2.0
OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field.
CVE-2023-40809Nov 18, 2023
affected <= 5.2.0
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number.
CVE-2021-25959Sep 29, 2021
affected >= 4.0.0, < 5.2.0fixed 5.2.0
In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance.