CVE-2021-25959
Description
OpenCRX versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS) due to unsanitized parameters in the password reset functionality. This allows execution of external JavaScript files against any user of the openCRX instance.
Risk Information
Base Score: 6.1 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score (Exploitation Probability): 0.396
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerability CVE-2021-25959 is fixed in OpenCRX - opencrx-core-config 5.2.0 | Windows |
| Vulnerability CVE-2021-25959 is fixed in OpenCRX - opencrx-core-models 5.2.0 | Windows |
| Vulnerability CVE-2021-25959 is fixed in opencrx-opencrx-client 5.2.0 | Windows |
| Vulnerability CVE-2021-25959 is fixed in opencrx-opencrx-core 5.2.0 | Windows |
| Vulnerability CVE-2021-25959 is fixed in Opencrx - opencrx-gradle 5.2.0 | Windows |
| Vulnerability CVE-2021-25959 is fixed in OpenCRX - opencrx-core-config for Linux 5.2.0 | Linux |
| Vulnerability CVE-2021-25959 is fixed in OpenCRX - opencrx-core-models for Linux 5.2.0 | Linux |
| Vulnerability CVE-2021-25959 is fixed in opencrx-opencrx-client for Linux 5.2.0 | Linux |
| Vulnerability CVE-2021-25959 is fixed in opencrx-opencrx-core for Linux 5.2.0 | Linux |
| Vulnerability CVE-2021-25959 is fixed in Opencrx - opencrx-gradle for Linux 5.2.0 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234