CVE-2023-27150: 
Java vulnerability analysis and mitigation

openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity. The vulnerability was disclosed on December 25, 2023 and assigned identifier CVE-2023-27150 (NVD).

The vulnerability exists in the Activity Tracker Name Field component of openCRX. When creating a new Tracker in the Manage Activity section, the application fails to properly sanitize user input in the Name field, allowing injection of HTML and script content. The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (NVD, eSec Forte).

Successful exploitation of this XSS vulnerability could allow attackers to inject malicious HTML code that executes in users' browsers. This could lead to theft of sensitive information, malware distribution, phishing attacks, website defacement, or denial of service impacts (eSec Forte).

The vulnerability affects openCRX version 5.2.0. As of the time of disclosure, information about patches or fixes is not publicly available. Organizations should implement proper input validation and sanitization of user input as a general security measure (eSec Forte).