CVE-2023-27150
https://notcve.org/view.php?id=CVE-2023-27150
openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity. Se descubrió que openCRX 5.2.0 contiene una vulnerabilidad de cross-site scripting (XSS) a través del campo Name después de la creación de un Tracker en Manage Activity. • https://www.esecforte.com/cve-2023-27150-cross-site-scripting-xss https://www.opencrx.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-40815
https://notcve.org/view.php?id=CVE-2023-40815
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Category Creation Name Field. • https://www.esecforte.com/cve-2023-40815-html-injection-category • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-40813
https://notcve.org/view.php?id=CVE-2023-40813
OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Activity Saved Search Creation. • https://www.esecforte.com/cve-2023-40813-html-injection-saved-search • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-40817
https://notcve.org/view.php?id=CVE-2023-40817
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Product Configuration Name Field. • https://www.esecforte.com/cve-2023-40817-html-injection-product-configuration • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-40809
https://notcve.org/view.php?id=CVE-2023-40809
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Activity Search Criteria-Activity Number. • https://www.esecforte.com/cve-2023-40809-html-injection-search • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •