Lucene search

K

Opencrx Security Vulnerabilities

cve
cve

CVE-2023-27150

openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage...

5.4CVSS

5.3AI Score

0.0004EPSS

2023-12-26 04:15 AM
11
cve
cve

CVE-2023-40813

OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search...

6.1CVSS

6.3AI Score

0.0005EPSS

2023-11-18 04:15 AM
22
cve
cve

CVE-2023-40815

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name...

6.1CVSS

6.3AI Score

0.0005EPSS

2023-11-18 04:15 AM
21
cve
cve

CVE-2023-40814

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name...

6.1CVSS

6.3AI Score

0.0005EPSS

2023-11-18 04:15 AM
21
cve
cve

CVE-2023-40817

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name...

6.1CVSS

6.3AI Score

0.0005EPSS

2023-11-18 04:15 AM
24
cve
cve

CVE-2023-40816

OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name...

6.1CVSS

6.3AI Score

0.0005EPSS

2023-11-18 04:15 AM
18
cve
cve

CVE-2023-40812

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name...

6.1CVSS

6.3AI Score

0.0005EPSS

2023-11-18 04:15 AM
21
cve
cve

CVE-2023-40810

OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name...

6.1CVSS

6.3AI Score

0.0005EPSS

2023-11-18 04:15 AM
19
cve
cve

CVE-2023-40809

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity...

6.1CVSS

6.3AI Score

0.0005EPSS

2023-11-18 04:15 AM
19
cve
cve

CVE-2023-46502

An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure...

9.8CVSS

9.3AI Score

0.001EPSS

2023-10-30 11:15 PM
21
cve
cve

CVE-2022-40084

OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is...

5.3CVSS

5.3AI Score

0.001EPSS

2022-10-20 02:15 PM
40
2
cve
cve

CVE-2021-25959

In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX...

6.1CVSS

6.2AI Score

0.001EPSS

2021-09-29 02:15 PM
39
cve
cve

CVE-2020-7378

CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was resolved in version....

9.1CVSS

9.2AI Score

0.003EPSS

2020-11-24 05:15 PM
26
4