Description
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number.
Remediation
References
https://www.esecforte.com/cve-2023-40809-html-injection-search/
Related Vulnerabilities
CVE-2017-16192 Vulnerability in npm package getcityapi.yoehoehne
CVE-2016-4437 Vulnerability in maven package org.apache.shiro:shiro-core
CVE-2022-31367 Vulnerability in npm package strapi-plugin-content-type-builder
CVE-2021-33604 Vulnerability in maven package com.vaadin:flow-server
CVE-2020-21125 Vulnerability in maven package com.bstek.ureport:ureport2-console