CVE-2023-40812: 
Java vulnerability analysis and mitigation

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field. The vulnerability was discovered by Nandini Sharma from eSec Forte Technologies and was assigned CVE-2023-40812 (NVD, ESec Forte).

The vulnerability allows an attacker to inject malicious HTML code into the Accounts Group Name Field. When creating a new Accounts Group, the application fails to properly sanitize user input in the name, description, and activity number fields. The injected HTML code is then executed when the Accounts Group Creation is saved. The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (MEDIUM) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (NVD).

The HTML injection vulnerability can result in the modification of web page content or execution of malicious scripts, potentially leading to theft of sensitive information, malware distribution, phishing attacks, website defacement, or denial of service. This can significantly impact the reputation and security of the organization using the affected software (ESec Forte).

The vulnerability requires proper input validation and sanitization of user input. Organizations using OpenCRX version 5.2.0 should implement proper input validation mechanisms and consider upgrading to a patched version when available (ESec Forte).