First published: Sat Nov 18 2023(Updated: )
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field.
|Affected Software||Affected Version||How to fix|
The vulnerability ID for this security vulnerability is GHSA-3g79-j8hq-r4xv.
The title of this vulnerability is 'OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field.'
The severity of this vulnerability is not mentioned.
This vulnerability can be exploited by injecting malicious HTML code into the Accounts Group Name field in OpenCRX version 5.2.0.
The affected software version is OpenCRX version 5.2.0.
There is no information available about a fix for this vulnerability.
Yes, the references for this vulnerability are: CVE-2023-40812 (https://nvd.nist.gov/vuln/detail/CVE-2023-40812), HTML Injection - Accounts Group (https://www.esecforte.com/cve-2023-40812-html-injection-accounts-group/), and GitHub Advisory (https://github.com/advisories/GHSA-3g79-j8hq-r4xv).
The CWE ID for this vulnerability is 79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')).