Vulnerabilities > Opencrx > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-26 | CVE-2023-27150 | Cross-site Scripting vulnerability in Opencrx 5.2.0: openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity. | 5.4 |
2023-11-18 | CVE-2023-40809 | Cross-site Scripting vulnerability in Opencrx 5.2.0: OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number. | 6.1 |
2023-11-18 | CVE-2023-40810 | Cross-site Scripting vulnerability in Opencrx 5.2.0: OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field. | 6.1 |
2023-11-18 | CVE-2023-40812 | Cross-site Scripting vulnerability in Opencrx 5.2.0: OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field. | 6.1 |
2023-11-18 | CVE-2023-40813 | Cross-site Scripting vulnerability in Opencrx 5.2.0: OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation. | 6.1 |
2023-11-18 | CVE-2023-40814 | Cross-site Scripting vulnerability in Opencrx 5.2.0: OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field. | 6.1 |
2023-11-18 | CVE-2023-40815 | Cross-site Scripting vulnerability in Opencrx 5.2.0: OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field. | 6.1 |
2023-11-18 | CVE-2023-40816 | Cross-site Scripting vulnerability in Opencrx 5.2.0: OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field. | 6.1 |
2023-11-18 | CVE-2023-40817 | Cross-site Scripting vulnerability in Opencrx 5.2.0: OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field. | 6.1 |
2022-10-20 | CVE-2022-40084 | Information Exposure Through Discrepancy vulnerability in Opencrx: OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset, which could enable an attacker to determine if a username, email or ID is valid. | 5.3 |