Description
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field.
Remediation
References
https://www.esecforte.com/cve-2023-40817-html-injection-product-configuration/
Related Vulnerabilities
CVE-2023-37895 Vulnerability in maven package org.apache.jackrabbit:jackrabbit-standalone
CVE-2021-21254 Vulnerability in npm package @ckeditor/ckeditor5-markdown-gfm
CVE-2023-29206 Vulnerability in maven package org.xwiki.platform:xwiki-platform-skin-skinx
CVE-2021-21350 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2020-7713 Vulnerability in npm package arr-flatten-unflatten