GHSA-26jh-r8g2-6fpr: Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list

GHSA-gvv6-33j7-884g: Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field.

**Cross-site Scripting in OpenCRX**

Moderate severity GitHub Reviewed Published Nov 18, 2023 to the GitHub Advisory Database • Updated Nov 20, 2023