OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field.
CVSS Metrics
