Description
Cross-site Scripting in OpenCRX
OpenCRX versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS) due to unsanitized parameters in the password reset functionality. This allows external JavaScript files to be executed against any user of the openCRX instance.
Packages
org.opencrx:opencrx-core: affected >= 4.0.0, < 5.2.0; fixed in 5.2.0
org.opencrx:opencrx-core-models: affected >= 4.0.0, < 5.2.0; fixed in 5.2.0
org.opencrx:opencrx-core-config: affected >= 4.0.0, < 5.2.0; fixed in 5.2.0
org.opencrx:opencrx-client: affected >= 4.0.0, < 5.2.0; fixed in 5.2.0
org.opencrx:opencrx-gradle: affected >= 4.0.0, < 5.2.0; fixed in 5.2.0