CVE-2021-25959
OpenCRX is affected by a reflected XSS vulnerability (CVE-2021-25959) in versions 4.0.0–5.1.0, caused by unsanitized password-reset parameters. This can allow execution of external JavaScript on any user of the instance. The linked connected advisories confirm the issue exists in OpenCRX and desc...