CVE-2023-46502
- EPSS 0.82%
- Veröffentlicht 30.10.2023 23:15:08
- Zuletzt bearbeitet 21.11.2024 08:28:37
An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory.
CVE-2022-40084
- EPSS 0.22%
- Veröffentlicht 20.10.2022 14:15:09
- Zuletzt bearbeitet 08.05.2025 16:15:21
OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid.
CVE-2021-25959
- EPSS 0.4%
- Veröffentlicht 29.09.2021 14:15:07
- Zuletzt bearbeitet 21.11.2024 05:55:40
In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instan...
CVE-2020-7378
- EPSS 8.69%
- Veröffentlicht 24.11.2020 17:15:11
- Zuletzt bearbeitet 21.11.2024 05:37:08
CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any ...