Skip to main content

Opencrx

13 CVEs product

Monthly

CVE-2023-27150 Maven MEDIUM POC This Month

openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40817 Maven MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-40816 Maven MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-40815 Maven MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-40814 Maven MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-40813 Maven MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-40812 Maven MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-40810 Maven MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-40809 Maven MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-46502 Maven CRITICAL PATCH Act Now

An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

SSRF XXE Opencrx
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-40084 Maven MEDIUM POC PATCH This Month

OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Opencrx
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-25959 Maven MEDIUM PATCH This Month

In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Opencrx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-7378 CRITICAL POC Act Now

CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Opencrx
NVD
CVSS 3.1
9.1
EPSS
2.6%
EPSS 0% CVSS 5.4
MEDIUM POC This Month

openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

SSRF XXE Opencrx
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Opencrx
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Opencrx
NVD GitHub
EPSS 3% CVSS 9.1
CRITICAL POC Act Now

CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Opencrx
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy