openCRX 5.2.0 was discovered to contain an HTML injection vulnerability for Search Criteria-Activity Number (in the Saved Search Activity) via the Name, Description, or Activity Number field.
References
| Link | Resource |
|---|---|
| https://www.esecforte.com/cve-2023-27151-html-injection-activity-tracker/ | Exploit Third Party Advisory |
| https://www.opencrx.org/ | Release Notes |
| https://www.esecforte.com/cve-2023-27151-html-injection-activity-tracker/ | Exploit Third Party Advisory |
| https://www.opencrx.org/ | Release Notes |
Configurations
History
08 May 2025, 22:50
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.esecforte.com/cve-2023-27151-html-injection-activity-tracker/ - Exploit, Third Party Advisory | |
| References | () https://www.opencrx.org/ - Release Notes | |
| CPE | cpe:2.3:a:opencrx:opencrx:5.2.0:*:*:*:*:*:*:* | |
| First Time |
Opencrx opencrx
Opencrx |
21 Nov 2024, 07:52
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.esecforte.com/cve-2023-27151-html-injection-activity-tracker/ - | |
| References | () https://www.opencrx.org/ - |
23 Aug 2024, 19:35
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-79 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
29 Feb 2024, 01:38
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-02-29 01:38
Updated : 2025-05-08 22:50
NVD link : CVE-2023-27151
Mitre link : CVE-2023-27151
CVE.ORG link : CVE-2023-27151
JSON object : View
Products Affected
opencrx
- opencrx
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')