Home > Vulnerability Database > CVE-2020-36636

Mend.io Vulnerability Database

CVE-2020-36636

Good to know:

Date: December 27, 2022

A vulnerability classified as problematic has been found in OpenMRS Admin UI Module up to 1.4.x. Affected is the function sendErrorMessage of the file omod/src/main/java/org/openmrs/module/adminui/page/controller/systemadmin/accounts/AccountPageController.java of the component Account Setup Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.5.0 is able to address this issue. The name of the patch is 702fbfdac7c4418f23bb5f6452482b4a88020061. It is recommended to upgrade the affected component. VDB-216918 is the identifier assigned to this vulnerability.

Language: GROOVY

Severity Score

3.5

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-36636

Url: https://github.com/openmrs/openmrs-module-adminui/pull/57

Url: https://github.com/openmrs/openmrs-module-adminui/commit/702fbfdac7c4418f23bb5f6452482b4a88020061

Url: https://vuldb.com/?ctiid.216918

Url: https://github.com/openmrs/openmrs-module-adminui/releases/tag/1.5.0

Url: https://vuldb.com/?id.216918

Url: https://www.mend.io/vulnerability-database/CVE-2020-36636

Severity Score

3.5

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version 1.5.0

Learn More

CVSS v3.1

Base Score:	3.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2020-36636

Good to know:

Date: December 27, 2022

Language: GROOVY

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?