CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46502
https://notcve.org/view.php?id=CVE-2023-46502
30 Oct 2023 — An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory. Un problema en openCRX v.5.2.2 permite a un atacante remoto leer archivos internos y ejecutar un ataque de server side request forgery a través de DocumentBuilderFactory inseguro. • https://gist.github.com/spookhorror/9519fc66d3946e887e4a86c06ddbee0e • CWE-611: Improper Restriction of XML External Entity Reference CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40084
https://notcve.org/view.php?id=CVE-2022-40084
20 Oct 2022 — OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid. Se ha detectado que OpenCRX versiones anteriores a v5.2.2, es vulnerable a una enumeración de contraseñas debido a la diferencia en los mensajes de error recibidos durante el restablecimiento de la contraseña, lo que podría permitir a un atacante determinar si un nombre de usuari... • https://cwe.mitre.org/data/definitions/204.html#:~:text=User%20enumeration%20via%20discrepancies%20in%20error%20messages.%2C-CVE-2004-0294&text=Bulletin%20Board%20displays%20different%20error%2Cbrute%20force%20password%20guessing%20attack. • CWE-203: Observable Discrepancy •