opencrx CVE Vulnerabilities & Metrics

Focus on opencrx vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About opencrx Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with opencrx. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total opencrx CVEs: 13
Earliest CVE date: 24 Nov 2020, 17:15 UTC
Latest CVE date: 26 Dec 2023, 04:15 UTC

Latest CVE reference: CVE-2023-27150

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical opencrx CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.82

Max CVSS: 6.4

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	11
4.0-6.9	2
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS opencrx CVEs

These are the five CVEs with the highest CVSS scores for opencrx, sorted by severity first and recency.

CVE-2020-7378 opencrx Published on 24 Nov 2020, 17:15 UTC (CVSS: 6.4)
CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was resolved in version 5.0-20200904, released September 4, 2020.
CVE-2021-25959 opencrx Published on 29 Sep 2021, 14:15 UTC (CVSS: 4.3)
In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance.
CVE-2023-27150 opencrx Published on 26 Dec 2023, 04:15 UTC (CVSS: 0)
openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity.
CVE-2023-40817 opencrx Published on 18 Nov 2023, 04:15 UTC (CVSS: 0)
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field.
CVE-2023-40816 opencrx Published on 18 Nov 2023, 04:15 UTC (CVSS: 0)
OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field.

All CVEs for opencrx

CVE-2023-27150 opencrx vulnerability CVSS: 0 26 Dec 2023, 04:15 UTC

openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity.

CVE-2023-40817 opencrx vulnerability CVSS: 0 18 Nov 2023, 04:15 UTC

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field.

CVE-2023-40816 opencrx vulnerability CVSS: 0 18 Nov 2023, 04:15 UTC

OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field.

CVE-2023-40815 opencrx vulnerability CVSS: 0 18 Nov 2023, 04:15 UTC

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field.

CVE-2023-40814 opencrx vulnerability CVSS: 0 18 Nov 2023, 04:15 UTC

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field.

CVE-2023-40813 opencrx vulnerability CVSS: 0 18 Nov 2023, 04:15 UTC

OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation.

CVE-2023-40812 opencrx vulnerability CVSS: 0 18 Nov 2023, 04:15 UTC

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field.

CVE-2023-40810 opencrx vulnerability CVSS: 0 18 Nov 2023, 04:15 UTC

OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field.

CVE-2023-40809 opencrx vulnerability CVSS: 0 18 Nov 2023, 04:15 UTC

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number.

CVE-2023-46502 opencrx vulnerability CVSS: 0 30 Oct 2023, 23:15 UTC

An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory.

CVE-2022-40084 opencrx vulnerability CVSS: 0 20 Oct 2022, 14:15 UTC

OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid.

CVE-2021-25959 opencrx vulnerability CVSS: 4.3 29 Sep 2021, 14:15 UTC

In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance.

CVE-2020-7378 opencrx vulnerability CVSS: 6.4 24 Nov 2020, 17:15 UTC

CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was resolved in version 5.0-20200904, released September 4, 2020.