In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Mend
Published: 2021-09-29T13:50:15.394433Z
Updated: 2024-09-16T19:24:15.717Z
Reserved: 2021-01-22T00:00:00
Link: CVE-2021-25959
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-09-29T14:15:07.620
Modified: 2021-10-07T13:21:22.307
Link: CVE-2021-25959
Redhat
No data.