Werner Froidevaux

CVE-2021-25959 WRITEUP MEDIUM WRITEUP

OpenCRX 4.0.0-5.1.0 - Reflected Cross-Site Scripting via Password Reset Parameters

In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance.

CVSS 6.1

View Code

CVE-2023-46502 WRITEUP CRITICAL WRITEUP

openCRX < 5.3.0 - XML External Entity Injection via Insecure DocumentBuilderFactory

An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory.

CVSS 9.8

View Code