CVE-2021-25959

Publication date

2021-09-29 13:50:15

Family

Mend

State

PUBLISHED

Description

In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance.