Vulnerabilities > Opencrx > Opencrx > 5.2.0

DATE CVE VULNERABILITY TITLE RISK
2023-12-26 CVE-2023-27150 Cross-site Scripting vulnerability in Opencrx 5.2.0
openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity.
network
low complexity
opencrx CWE-79
5.4
5.4
2023-11-18 CVE-2023-40809 Cross-site Scripting vulnerability in Opencrx 5.2.0
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number.
network
low complexity
opencrx CWE-79
6.1
6.1
2023-11-18 CVE-2023-40810 Cross-site Scripting vulnerability in Opencrx 5.2.0
OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field.
network
low complexity
opencrx CWE-79
6.1
6.1
2023-11-18 CVE-2023-40812 Cross-site Scripting vulnerability in Opencrx 5.2.0
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field.
network
low complexity
opencrx CWE-79
6.1
6.1
2023-11-18 CVE-2023-40813 Cross-site Scripting vulnerability in Opencrx 5.2.0
OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation.
network
low complexity
opencrx CWE-79
6.1
6.1
2023-11-18 CVE-2023-40814 Cross-site Scripting vulnerability in Opencrx 5.2.0
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field.
network
low complexity
opencrx CWE-79
6.1
6.1
2023-11-18 CVE-2023-40815 Cross-site Scripting vulnerability in Opencrx 5.2.0
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field.
network
low complexity
opencrx CWE-79
6.1
6.1
2023-11-18 CVE-2023-40816 Cross-site Scripting vulnerability in Opencrx 5.2.0
OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field.
network
low complexity
opencrx CWE-79
6.1
6.1
2023-11-18 CVE-2023-40817 Cross-site Scripting vulnerability in Opencrx 5.2.0
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field.
network
low complexity
opencrx CWE-79
6.1
6.1
2022-10-20 CVE-2022-40084 Information Exposure Through Discrepancy vulnerability in Opencrx
OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid.
network
low complexity
opencrx CWE-203
5.3
5.3