OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field.
opencrx opencrx 5.2.0