CVE-2021-25959 MEDIUM

CVE-2021-25959: OpenCRX - Reflected Cross-Site Scripting in Password Reset Functionality

Vendor Org.opencrx

Product opencrx-core-config

Weakness CWE-79 · XSS

Published September 29, 2021

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance.

Key dates

02Disclosure timeline

September 29, 2021 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-25959 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2021-25959: OpenCRX - Reflected Cross-Site Scripting in Password Reset Functionality

01Description

02Disclosure timeline

03References

04Related CVE