
CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field. • https://www.esecforte.com/cve-2023-40814-html-injection-accounts • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field. • https://www.esecforte.com/cve-2023-40812-html-injection-accounts-group • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Name Field. • https://www.esecforte.com/cve-2023-40810-html-injection-product-creation • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Milestone Name Field. • https://www.esecforte.com/cve-2023-40816-html-injection-activity-milestone • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute a server-side request forgery attack via an insecure DocumentBuilderFactory. • https://gist.github.com/spookhorror/9519fc66d3946e887e4a86c06ddbee0e • https://github.com/opencrx/opencrx/commit/ce7a71db0bb34ecbcb0e822d40598e410a48b399 • CWE-611: Improper Restriction of XML External Entity Reference • CWE-918: Server-Side Request Forgery (SSRF)