Vulnerabilities > Opencrx

DATE CVE VULNERABILITY TITLE RISK
2022-10-20 CVE-2022-40084 Information Exposure Through Discrepancy vulnerability in Opencrx
OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid.
network
low complexity
opencrx CWE-203
5.3
2021-09-29 CVE-2021-25959 Cross-site Scripting vulnerability in Opencrx
In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality.
network
opencrx CWE-79
4.3
2020-11-24 CVE-2020-7378 Improper Authentication vulnerability in Opencrx
CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability.
network
low complexity
opencrx CWE-287
6.4