PT-2023-27654 · Opencrx · Opencrx

Published: 2023-11-18 · Updated: 2023-11-22 · CVE-2023-40817

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

OpenCRX version 5.2.0

Description

The issue allows for HTML injection via the Product Configuration Name Field.

Recommendations

For OpenCRX version 5.2.0, update to a version that fixes this issue, if available. As a temporary workaround, consider restricting user input in the Product Configuration Name Field to prevent HTML injection until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-40817
GHSA-96Q4-7FWR-GMXH

Affected Products

Opencrx