Opencrx: >> Opencrx >> 5.1.0 Security Vulnerabilities
OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-10-20
In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-09-29