org.opencrx:opencrx-core@4.3-alpha-5 vulnerabilities
-
latest version
5.3.0
-
first published
4 years ago
-
latest version published
9 months ago
-
licenses detected
- [4.3-alpha-1,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.opencrx:opencrx-core package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') via the How to fix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')? There is no fixed version for |
[0,)
|
org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the How to fix Cross-site Scripting (XSS)? There is no fixed version for |
[0,)
|
org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Product Configuration Name field due to improper input sanitization. How to fix Cross-site Scripting (XSS)? There is no fixed version for |
[0,)
|
org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Activity Milestone Name field due to improper input sanitization. How to fix Cross-site Scripting (XSS)? There is no fixed version for |
[,5.2.0)
|
org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Accounts Name field due to improper input sanitization. How to fix Cross-site Scripting (XSS)? There is no fixed version for |
[0,)
|
org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Category Creation Name field due to improper input sanitization. How to fix Cross-site Scripting (XSS)? There is no fixed version for |
[0,)
|
org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the 'Activity Saved Search Creation' function due to improper input sanitization. How to fix Cross-site Scripting (XSS)? There is no fixed version for |
[0,)
|
org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization. How to fix Cross-site Scripting (XSS)? There is no fixed version for |
[0,)
|
org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Accounts Group Name field due to improper input sanitization. How to fix Cross-site Scripting (XSS)? There is no fixed version for |
[0,)
|
org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Product Name Field due to improper input sanitization. How to fix Cross-site Scripting (XSS)? There is no fixed version for |
[0,)
|
org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the How to fix XML External Entity (XXE) Injection? Upgrade |
[,5.3.0)
|
org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Information Exposure due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid, leading to password enumeration. How to fix Information Exposure? There is no fixed version for |
[0,)
|
org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance. How to fix Cross-site Scripting (XSS)? Upgrade |
[4.0.0,5.2.0)
|