Stored Cross-Site Scripting Vulnerability in OpenEMR Software
CVE-2021-25919
4.8 MEDIUM
What is CVE-2021-25919?
OpenEMR versions 5.0.2 through 6.0.0 are affected by a Stored Cross-Site Scripting vulnerability due to improper validation of user input. This allows a highly privileged attacker to inject arbitrary code into input fields, especially during the process of creating new user accounts. If exploited, this vulnerability could compromise the integrity of the application by enabling the execution of malicious scripts within the user's browser.
Affected Version(s)
openemr 5.0.2, 5.0.2.1, 5.0.2.2, 5.0.2.3, 5.0.2.4, 6.0.0
EPSS Score
58% chance of being exploited in the next 30 days.
CVSS V3.1
Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
