Vulnerabilities > Opencrx > Opencrx > 5.0.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-20 | CVE-2022-40084 | Information Exposure Through Discrepancy vulnerability in Opencrx OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid. | 5.3 |
2021-09-29 | CVE-2021-25959 | Cross-site Scripting vulnerability in Opencrx In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. | 4.3 |