Stored XSS Vulnerability in OpenEMR Software by OpenEMR
CVE-2021-32103

4.8MEDIUM

Key Information:

Vendor

Open-emr

Status
Openemr
Vendor
CVE Published:
7 May 2021

What is CVE-2021-32103?

A Stored XSS vulnerability exists in the OpenEMR platform, specifically within the usergroup_admin.php file. This flaw permits authenticated admin users to inject arbitrary web scripts or HTML through the lname parameter. As a result, if exploited, an attacker could manipulate user sessions or perform actions on behalf of users, posing a significant security risk to sensitive health information.

References

https://blog.sonarsource.com/openemr-5-0-2-1-command-inje...
x_refsource_MISC
https://community.sonarsource.com/t/openemr-5-0-2-1-comma...
x_refsource_MISC
https://community.open-emr.org/t/openemr-5-0-2-patch-5-ha...
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.