Stored Cross-Site Scripting Vulnerability in OpenEMR by OpenEMR
CVE-2021-25921

5.4 MEDIUM

Key Information:

Vendor: Open-emr

Status
Vendor
CVE Published: 22 March 2021

What is CVE-2021-25921?

OpenEMR versions between 2.7.3-rc1 and 6.0.0 are affected by a Stored Cross-Site Scripting vulnerability. This flaw occurs because user input is not properly validated in the Allergies section. An attacker can exploit this weakness by convincing an administrator to enter a crafted malicious payload, which could lead to unintended script execution in the web application. It is essential for users of these versions to implement security measures and apply necessary updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

openemr 2.7.3-rc1, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.9.0, 3.0.0, 3.0.1, 3.1.0, 3.2.0, 4.0.0, 4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.0.3, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, 5.0.2.1, 5.0.2.2, 5.0.2.3, 5.0.2.4, 6.0.0

EPSS Score

57% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
