CVE-2021-25959

CVSS v3.1 6.1 (Medium)
CVSS v2.0 4.3 (Medium)
EPSS 0.10 % (41st)
Affected Products 1
Advisories 1

In openCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS) due to unsanitized parameters in the password reset functionality. This allows execution of external JavaScript files against any user of the openCRX instance.

Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE Status
PUBLISHED
CNA
Mend
Published Date
2021-09-29 14:15:07
(3 years ago)
Updated Date
2021-10-07 13:21:22
(2 years ago)

Affected Products


Configuration #1

    Product: Opencrx from 4.0.0 version and 5.1.0 and prior versions
    CPE23:   cpe:2.3:a:opencrx:opencrx
    From:    >= 4.0.0
    Up To:   <= 5.1.0