{"id":"GHSA-chj5-8wxj-rxg8","summary":"Cross-site Scripting in OpenCRX","details":"OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field.","aliases":["CVE-2023-40814"],"modified":"2024-02-19T05:33:24.226977Z","published":"2023-11-18T06:30:24Z","database_specific":{"github_reviewed_at":"2023-11-20T23:23:11Z","cwe_ids":["CWE-79"],"severity":"MODERATE","nvd_published_at":"2023-11-18T04:15:07Z","github_reviewed":true},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40814"},{"type":"WEB","url":"https://www.esecforte.com/cve-2023-40814-html-injection-accounts"}],"affected":[{"package":{"name":"org.opencrx:opencrx-core-models","ecosystem":"Maven","purl":"pkg:maven/org.opencrx/opencrx-core-models"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"5.2.0"}]}],"versions":["4.3-alpha-10","4.3-alpha-11","4.3-alpha-9","4.3.0","5.0.0","5.0.1","5.1.0","5.2.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-chj5-8wxj-rxg8/GHSA-chj5-8wxj-rxg8.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}