Lucene search
MendCVELIST:CVE-2021-25959HistorySep 29, 2021 - 1:50 p.m.
CVE-2021-25959 OpenCRX - Reflected Cross-Site Scripting in Password Reset Functionality
2021-09-2913:50:15
CWE-79
Mend
www.cve.org
2
opencrx
version v4.0.0
version v5.1.0
cross-site scripting
password reset
unsantized parameters
external javascript files
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
40.9%
In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance.
CNA Affected
[
{
"product": "opencrx-core-config",
"vendor": "org.opencrx",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2021-25959
2021-09-29 14:15:07
nvd
nvd
CVE-2021-25959
2021-09-29 14:15:07
prion
prion
Cross site scripting
2021-09-29 14:15:00
github
github
Cross-site Scripting in OpenCRX
2021-09-30 20:50:21
osv
osv
Cross-site Scripting in OpenCRX
2021-09-30 20:50:21
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
40.9%
Related for CVELIST:CVE-2021-25959