CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40814
https://notcve.org/view.php?id=CVE-2023-40814
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Accounts Name Field. • https://www.esecforte.com/cve-2023-40814-html-injection-accounts • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40812
https://notcve.org/view.php?id=CVE-2023-40812
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Accounts Group Name Field. • https://www.esecforte.com/cve-2023-40812-html-injection-accounts-group • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40810
https://notcve.org/view.php?id=CVE-2023-40810
OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Product Name Field. • https://www.esecforte.com/cve-2023-40810-html-injection-product-creation • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40816
https://notcve.org/view.php?id=CVE-2023-40816
OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Activity Milestone Name Field. • https://www.esecforte.com/cve-2023-40816-html-injection-activity-milestone • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40084
https://notcve.org/view.php?id=CVE-2022-40084
OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid. Se ha detectado que OpenCRX versiones anteriores a v5.2.2, es vulnerable a una enumeración de contraseñas debido a la diferencia en los mensajes de error recibidos durante el restablecimiento de la contraseña, lo que podría permitir a un atacante determinar si un nombre de usuario, correo electrónico o ID es válido • https://cwe.mitre.org/data/definitions/204.html#:~:text=User%20enumeration%20via%20discrepancies%20in%20error%20messages.%2C-CVE-2004-0294&text=Bulletin%20Board%20displays%20different%20error%2Cbrute%20force%20password%20guessing%20attack. https://github.com/ciph0x01/OpenCRX-CVE/blob/main/CVE-2022-40084.md • CWE-203: Observable Discrepancy •