CVE-2023-27150

Name of the Vulnerable Software and Affected Versions openCRX version 5.2.0

Description A cross-site scripting (XSS) issue was discovered in openCRX, which occurs via the Name field after creating a Tracker in Manage Activity. This allows for potential malicious script execution.

Recommendations For openCRX version 5.2.0, consider disabling the Name field in the Manage Activity section until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the Manage Activity feature to minimize the risk of exploitation. Avoid using the Name field in the affected area until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.