CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27150
https://notcve.org/view.php?id=CVE-2023-27150
26 Dec 2023 — openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity. Se descubrió que openCRX 5.2.0 contiene una vulnerabilidad de cross-site scripting (XSS) a través del campo Name después de la creación de un Tracker en Manage Activity. • https://www.esecforte.com/cve-2023-27150-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27151
https://notcve.org/view.php?id=CVE-2023-27151
25 Dec 2023 — openCRX 5.2.0 was discovered to contain an HTML injection vulnerability for Search Criteria-Activity Number (in the Saved Search Activity) via the Name, Description, or Activity Number field. Se descubrió que openCRX 5.2.0 contiene una vulnerabilidad de inyección de HTML para Criterios de búsqueda-Número de actividad (en la Actividad de búsqueda guardada) a través del campo Nombre, Descripción o Número de actividad. • https://www.esecforte.com/cve-2023-27151-html-injection-activity-tracker • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40817
https://notcve.org/view.php?id=CVE-2023-40817
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Product Configuration Name Field. • https://www.esecforte.com/cve-2023-40817-html-injection-product-configuration • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40813
https://notcve.org/view.php?id=CVE-2023-40813
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Activity Saved Search Creation. • https://www.esecforte.com/cve-2023-40813-html-injection-saved-search • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40815
https://notcve.org/view.php?id=CVE-2023-40815
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Category Creation Name Field. • https://www.esecforte.com/cve-2023-40815-html-injection-category • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40812
https://notcve.org/view.php?id=CVE-2023-40812
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Accounts Group Name Field. • https://www.esecforte.com/cve-2023-40812-html-injection-accounts-group • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40816
https://notcve.org/view.php?id=CVE-2023-40816
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Activity Milestone Name Field. • https://www.esecforte.com/cve-2023-40816-html-injection-activity-milestone • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40809
https://notcve.org/view.php?id=CVE-2023-40809
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Activity Search Criteria-Activity Number. • https://www.esecforte.com/cve-2023-40809-html-injection-search • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40814
https://notcve.org/view.php?id=CVE-2023-40814
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Accounts Name Field. • https://www.esecforte.com/cve-2023-40814-html-injection-accounts • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40810
https://notcve.org/view.php?id=CVE-2023-40810
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Product Name Field. • https://www.esecforte.com/cve-2023-40810-html-injection-product-creation • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •