Show filters
13 Total Results
Displaying 1-10 of 13
Sort by:
Attacker Value
Unknown

CVE-2023-27150

Disclosure Date: December 26, 2023 (last updated January 04, 2024)
openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-40817

Disclosure Date: November 18, 2023 (last updated November 23, 2023)
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-40816

Disclosure Date: November 18, 2023 (last updated November 23, 2023)
OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-40815

Disclosure Date: November 18, 2023 (last updated November 23, 2023)
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-40814

Disclosure Date: November 18, 2023 (last updated November 23, 2023)
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-40813

Disclosure Date: November 18, 2023 (last updated November 23, 2023)
OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-40812

Disclosure Date: November 18, 2023 (last updated November 23, 2023)
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-40810

Disclosure Date: November 18, 2023 (last updated November 23, 2023)
OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-40809

Disclosure Date: November 18, 2023 (last updated November 23, 2023)
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-46502

Disclosure Date: October 30, 2023 (last updated November 07, 2023)
An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  Next >