Stored Cross-Site Scripting (XSS) Vulnerability in OpenEMR
CVE-2024-0875
4.8MEDIUM
Key Information:
- Vendor
- Openemr
- Status
- Openemr/openemr
- Vendor
- CVE Published:
- 15 November 2024
Summary
A stored cross-site scripting vulnerability is present in the OpenEMR application, specifically in the Secure Messaging feature of version 7.0.1. This vulnerability allows an attacker to inject harmful scripts into the 'inputBody' field. When users receive a message containing the malicious payload and view it, the payload is executed in their browser. This can lead to unauthorized access and potential compromise of user accounts. To mitigate this vulnerability, upgrading to version 7.0.2.1 or later is essential.
Affected Version(s)
openemr/openemr < 7.0.2.1
References
EPSS Score
2% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved