CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27150
https://notcve.org/view.php?id=CVE-2023-27150
26 Dec 2023 — openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity. Se descubrió que openCRX 5.2.0 contiene una vulnerabilidad de cross-site scripting (XSS) a través del campo Name después de la creación de un Tracker en Manage Activity. • https://www.esecforte.com/cve-2023-27150-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40817
https://notcve.org/view.php?id=CVE-2023-40817
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Product Configuration Name Field. • https://www.esecforte.com/cve-2023-40817-html-injection-product-configuration • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40813
https://notcve.org/view.php?id=CVE-2023-40813
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Activity Saved Search Creation. • https://www.esecforte.com/cve-2023-40813-html-injection-saved-search • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40815
https://notcve.org/view.php?id=CVE-2023-40815
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Category Creation Name Field. • https://www.esecforte.com/cve-2023-40815-html-injection-category • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40812
https://notcve.org/view.php?id=CVE-2023-40812
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Accounts Group Name Field. • https://www.esecforte.com/cve-2023-40812-html-injection-accounts-group • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40816
https://notcve.org/view.php?id=CVE-2023-40816
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Activity Milestone Name Field. • https://www.esecforte.com/cve-2023-40816-html-injection-activity-milestone • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40809
https://notcve.org/view.php?id=CVE-2023-40809
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Activity Search Criteria-Activity Number. • https://www.esecforte.com/cve-2023-40809-html-injection-search • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40814
https://notcve.org/view.php?id=CVE-2023-40814
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Accounts Name Field. • https://www.esecforte.com/cve-2023-40814-html-injection-accounts • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40810
https://notcve.org/view.php?id=CVE-2023-40810
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Product Name Field. • https://www.esecforte.com/cve-2023-40810-html-injection-product-creation • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46502
https://notcve.org/view.php?id=CVE-2023-46502
30 Oct 2023 — An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory. Un problema en openCRX v.5.2.2 permite a un atacante remoto leer archivos internos y ejecutar un ataque de server side request forgery a través de DocumentBuilderFactory inseguro. • https://gist.github.com/spookhorror/9519fc66d3946e887e4a86c06ddbee0e • CWE-611: Improper Restriction of XML External Entity Reference CWE-918: Server-Side Request Forgery (SSRF) •