Cross-Site Scripting Vulnerability in OpenMRS by OpenMRS
CVE-2020-5729

6.1MEDIUM

Key Information:

Vendor: Openmrs
Status: Openmrs
Vendor: CVE Published:; 17 April 2020

What is CVE-2020-5729?

In OpenMRS version 2.9 and earlier, a vulnerability exists in the UI Framework Error Page that allows attackers to reflect arbitrary user input back to the browser. This flaw can lead to Cross-Site Scripting (XSS) attacks, compromising user data and the integrity of the application. Any error-triggering page within this system is potentially exploitable, making it crucial for users to address this security concern swiftly.

Affected Version(s)

OpenMRS Versions 2.90 and prior

References

https://www.tenable.com/security/research/tra-2020-18

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2020
Vulnerability Reserved
Jan 6, 2020

CVE-2020-5729 Data

JSON

Openmrs

What is CVE-2020-5729?

Affected Version(s)

References

CVSS V3.1

Timeline