Stored Cross-Site Scripting (XSS) Vulnerability in OpenEMR
CVE-2024-0875
4.8 MEDIUM
Key Information
- Vendor: Openemr
- Status
- Openemr/openemr
- Vendor
- CVE Published: 15 November 2024
Summary
A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1.
Affected Version(s)
openemr/openemr < 7.0.2.1
EPSS Score
1% chance of being exploited in the next 30 days.
CVSS V3.1
- Score: 4.8
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: None
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: Required
- Scope: Changed
Timeline
Risk change from: null to: 8.1 - (HIGH)
Vulnerability published.
Vulnerability Reserved.
Collectors
- NVD Database
- Mitre Database