Security Advisory

CVE-2021-25959

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-09-29 13:50:15

Last updated 2024-09-16 19:24:15

Assigner Mend

State PUBLISHED

Description

In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance.

← Browse all CVEs View on cve.org ↗