CVE-2023-27151

Name of the Vulnerable Software and Affected Versions openCRX version 5.2.0

Description The issue is related to an HTML injection vulnerability in the Search Criteria-Activity Number within the Saved Search Activity. This vulnerability can be exploited via the Name, Description, or Activity Number field.

Recommendations For openCRX version 5.2.0, as a temporary workaround, consider restricting the use of the Name, Description, and Activity Number fields in the Saved Search Activity until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.