org.opencrx:opencrx-core-models
Maven9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.opencrx:opencrx-core-modelspage 1 of 1
- CVE-2021-25959MEDIUMCVSS 6.1EG 6.1✓ Fixed in 5.2.02021-09-29
vulnerable: 4.3-alpha-10 ... 5.1.0 (7 versions)
In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the ope…
- CVE-2023-40809MEDIUMCVSS 6.1EG 6.12023-11-18
vulnerable: 4.3-alpha-10 ... 5.2.0 (8 versions)
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number.
- CVE-2023-40810MEDIUMCVSS 6.1EG 6.12023-11-18
vulnerable: 4.3-alpha-10 ... 5.2.0 (8 versions)
OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field.
- CVE-2023-40812MEDIUMCVSS 6.1EG 6.12023-11-18
vulnerable: 4.3-alpha-10 ... 5.2.0 (8 versions)
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field.
- CVE-2023-40813MEDIUMCVSS 6.1EG 6.12023-11-18
vulnerable: 4.3-alpha-10 ... 5.2.0 (8 versions)
OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation.
- CVE-2023-40814MEDIUMCVSS 6.1EG 6.12023-11-18
vulnerable: 4.3-alpha-10 ... 5.2.0 (8 versions)
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field.
- CVE-2023-40815MEDIUMCVSS 6.1EG 6.12023-11-18
vulnerable: 4.3-alpha-10 ... 5.2.0 (8 versions)
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field.
- CVE-2023-40816MEDIUMCVSS 6.1EG 6.12023-11-18
vulnerable: 4.3-alpha-10 ... 5.2.0 (8 versions)
OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field.
- CVE-2023-40817MEDIUMCVSS 6.1EG 6.12023-11-18
vulnerable: 4.3-alpha-10 ... 5.2.0 (8 versions)
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field.
Check whether org.opencrx:opencrx-core-models is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.opencrx:opencrx-core-models CVEs against the assets you own.
Start Free Scan →