org.opencrx:opencrx-core 4.3-alpha-6 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.opencrx:opencrx-core package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') via the `Name` field after creation of a Tracker in Manage Activity. An attacker can inject and execute arbitrary script code in the context of the user's browser session by submitting a crafted input. How to fix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')? There is no fixed version for `org.opencrx:opencrx-core`.	[0,)
M Cross-site Scripting (XSS) org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `Name`, `Description`, or `Activity Number` fields. How to fix Cross-site Scripting (XSS)? There is no fixed version for `org.opencrx:opencrx-core`.	[0,)
M Cross-site Scripting (XSS) org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Product Configuration Name field due to improper input sanitization. How to fix Cross-site Scripting (XSS)? There is no fixed version for `org.opencrx:opencrx-core`.	[0,)
M Cross-site Scripting (XSS) org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Activity Milestone Name field due to improper input sanitization. How to fix Cross-site Scripting (XSS)? There is no fixed version for `org.opencrx:opencrx-core`.	[,5.2.0)
M Cross-site Scripting (XSS) org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Accounts Name field due to improper input sanitization. How to fix Cross-site Scripting (XSS)? There is no fixed version for `org.opencrx:opencrx-core`.	[0,)
M Cross-site Scripting (XSS) org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Category Creation Name field due to improper input sanitization. How to fix Cross-site Scripting (XSS)? There is no fixed version for `org.opencrx:opencrx-core`.	[0,)
M Cross-site Scripting (XSS) org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the 'Activity Saved Search Creation' function due to improper input sanitization. How to fix Cross-site Scripting (XSS)? There is no fixed version for `org.opencrx:opencrx-core`.	[0,)
M Cross-site Scripting (XSS) org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization. How to fix Cross-site Scripting (XSS)? There is no fixed version for `org.opencrx:opencrx-core`.	[0,)
M Cross-site Scripting (XSS) org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Accounts Group Name field due to improper input sanitization. How to fix Cross-site Scripting (XSS)? There is no fixed version for `org.opencrx:opencrx-core`.	[0,)
M Cross-site Scripting (XSS) org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Product Name Field due to improper input sanitization. How to fix Cross-site Scripting (XSS)? There is no fixed version for `org.opencrx:opencrx-core`.	[0,)
H XML External Entity (XXE) Injection org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the `DocumentBuilderFactory` function, due to improper input sanitization. An attacker can read internal files and execute server side request forgery attack by exploiting this vulnerability. How to fix XML External Entity (XXE) Injection? Upgrade `org.opencrx:opencrx-core` to version 5.3.0 or higher.	[,5.3.0)
M Information Exposure org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Information Exposure due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid, leading to password enumeration. How to fix Information Exposure? There is no fixed version for `org.opencrx:opencrx-core`.	[0,)
M Cross-site Scripting (XSS) org.opencrx:opencrx-core is a Part of openCRX CRM platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance. How to fix Cross-site Scripting (XSS)? Upgrade `org.opencrx:opencrx-core` to version 5.2.0 or higher.	[4.0.0,5.2.0)

Vulnerability

Vulnerable Version

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

org.opencrx:opencrx-core is a Part of openCRX CRM platform.

Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') via the Name field after creation of a Tracker in Manage Activity. An attacker can inject and execute arbitrary script code in the context of the user's browser session by submitting a crafted input.

How to fix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')?

There is no fixed version for org.opencrx:opencrx-core.

[0,)

Cross-site Scripting (XSS)

org.opencrx:opencrx-core is a Part of openCRX CRM platform.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Name, Description, or Activity Number fields.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for org.opencrx:opencrx-core.

[0,)

Cross-site Scripting (XSS)

org.opencrx:opencrx-core is a Part of openCRX CRM platform.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Product Configuration Name field due to improper input sanitization.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for org.opencrx:opencrx-core.

[0,)

Cross-site Scripting (XSS)

org.opencrx:opencrx-core is a Part of openCRX CRM platform.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Activity Milestone Name field due to improper input sanitization.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for org.opencrx:opencrx-core.

[,5.2.0)

Cross-site Scripting (XSS)

org.opencrx:opencrx-core is a Part of openCRX CRM platform.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Accounts Name field due to improper input sanitization.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for org.opencrx:opencrx-core.

[0,)

Cross-site Scripting (XSS)

org.opencrx:opencrx-core is a Part of openCRX CRM platform.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Category Creation Name field due to improper input sanitization.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for org.opencrx:opencrx-core.

[0,)

Cross-site Scripting (XSS)

org.opencrx:opencrx-core is a Part of openCRX CRM platform.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the 'Activity Saved Search Creation' function due to improper input sanitization.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for org.opencrx:opencrx-core.

[0,)

Cross-site Scripting (XSS)

org.opencrx:opencrx-core is a Part of openCRX CRM platform.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for org.opencrx:opencrx-core.

[0,)

Cross-site Scripting (XSS)

org.opencrx:opencrx-core is a Part of openCRX CRM platform.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Accounts Group Name field due to improper input sanitization.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for org.opencrx:opencrx-core.

[0,)

Cross-site Scripting (XSS)

org.opencrx:opencrx-core is a Part of openCRX CRM platform.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Product Name Field due to improper input sanitization.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for org.opencrx:opencrx-core.

[0,)

XML External Entity (XXE) Injection

org.opencrx:opencrx-core is a Part of openCRX CRM platform.

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the DocumentBuilderFactory function, due to improper input sanitization. An attacker can read internal files and execute server side request forgery attack by exploiting this vulnerability.

How to fix XML External Entity (XXE) Injection?

Upgrade org.opencrx:opencrx-core to version 5.3.0 or higher.

[,5.3.0)

Information Exposure

org.opencrx:opencrx-core is a Part of openCRX CRM platform.

Affected versions of this package are vulnerable to Information Exposure due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid, leading to password enumeration.

How to fix Information Exposure?

There is no fixed version for org.opencrx:opencrx-core.

[0,)

Cross-site Scripting (XSS)

org.opencrx:opencrx-core is a Part of openCRX CRM platform.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance.

How to fix Cross-site Scripting (XSS)?

Upgrade org.opencrx:opencrx-core to version 5.2.0 or higher.

[4.0.0,5.2.0)

org.opencrx:opencrx-core@4.3-alpha-6 vulnerabilities

latest version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?