CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27150
https://notcve.org/view.php?id=CVE-2023-27150
26 Dec 2023 — openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity. Se descubrió que openCRX 5.2.0 contiene una vulnerabilidad de cross-site scripting (XSS) a través del campo Name después de la creación de un Tracker en Manage Activity. • https://www.esecforte.com/cve-2023-27150-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40817
https://notcve.org/view.php?id=CVE-2023-40817
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Product Configuration Name Field. • https://www.esecforte.com/cve-2023-40817-html-injection-product-configuration • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40813
https://notcve.org/view.php?id=CVE-2023-40813
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Activity Saved Search Creation. • https://www.esecforte.com/cve-2023-40813-html-injection-saved-search • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40815
https://notcve.org/view.php?id=CVE-2023-40815
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Category Creation Name Field. • https://www.esecforte.com/cve-2023-40815-html-injection-category • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40812
https://notcve.org/view.php?id=CVE-2023-40812
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Accounts Group Name Field. • https://www.esecforte.com/cve-2023-40812-html-injection-accounts-group • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40816
https://notcve.org/view.php?id=CVE-2023-40816
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Activity Milestone Name Field. • https://www.esecforte.com/cve-2023-40816-html-injection-activity-milestone • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40809
https://notcve.org/view.php?id=CVE-2023-40809
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Activity Search Criteria-Activity Number. • https://www.esecforte.com/cve-2023-40809-html-injection-search • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40814
https://notcve.org/view.php?id=CVE-2023-40814
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Accounts Name Field. • https://www.esecforte.com/cve-2023-40814-html-injection-accounts • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40810
https://notcve.org/view.php?id=CVE-2023-40810
18 Nov 2023 — OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Product Name Field. • https://www.esecforte.com/cve-2023-40810-html-injection-product-creation • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40084
https://notcve.org/view.php?id=CVE-2022-40084
20 Oct 2022 — OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid. Se ha detectado que OpenCRX versiones anteriores a v5.2.2, es vulnerable a una enumeración de contraseñas debido a la diferencia en los mensajes de error recibidos durante el restablecimiento de la contraseña, lo que podría permitir a un atacante determinar si un nombre de usuari... • https://cwe.mitre.org/data/definitions/204.html#:~:text=User%20enumeration%20via%20discrepancies%20in%20error%20messages.%2C-CVE-2004-0294&text=Bulletin%20Board%20displays%20different%20error%2Cbrute%20force%20password%20guessing%20attack. • CWE-203: Observable Discrepancy •