Overview
In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site Scripting (XSS) because user input is not validated properly in the `Allergies` section. An attacker could lure an administrator into entering a malicious payload and thereby trigger the exploit.
Details
The `OpenEMR` module is exposed to Stored Cross-Site Scripting because it performs improper validation on the input sent to the allergy `Title` field of a patient's details before rendering those details on the reports page, where the stored payload executes. An attacker could lure an administrator into entering a malicious payload and thereby trigger the exploit.
PoC Details
Log in to the OpenEMR application as administrator. After logging in, create a new patient; the site then navigates to the Medical Record Dashboard screen. Click `edit` on the Allergies option to add the patient's medical details, then click the Add button to add allergy-related medical issues for the patient. Select the issue type, place the given payload in the title field, and click the save button. Then navigate to the Reports tab in the Dashboard, which displays the patient's details as a report; the stored payload executes there.
PoC Code
<svg onload="javascript:alert('Stored XSS in add allergies title field of patient details')" xmlns="#"></svg>
Affected Environments
2.7.3-rc1 - 6.0.0
Prevention
Upgrade to version 6.0.0.1
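The rendering flaw described in Details, and the remediation a defender would pair with the upgrade above, as an added illustration that is not OpenEMR's own code: a minimal report-row renderer in its flawed and corrected forms, plus a heuristic audit of already-stored allergy titles, since an upgrade fixes the rendering but leaves previously injected values in the database. Function names, the row structure and the sample rows are assumptions constructed for the example; the second row carries the advisory's payload.

```python
import html
import re

# Constructed sample data standing in for stored allergy rows (not OpenEMR's schema).
STORED_ALLERGIES = [
    {"id": 1, "title": "Penicillin"},
    {"id": 2, "title": "<svg onload=\"javascript:alert('Stored XSS in add allergies "
                       "title field of patient details')\" xmlns=\"#\"></svg>"},
]


def render_report_row_vulnerable(title: str) -> str:
    """Echoes the stored title straight into report HTML (the flawed pattern)."""
    return f"<td>{title}</td>"


def render_report_row_fixed(title: str) -> str:
    """Encodes the stored value for an HTML text context before rendering."""
    return f"<td>{html.escape(title, quote=True)}</td>"


# Heuristic: a tag opener, an on*= event-handler attribute, or a javascript: URL.
MARKUP_FRAGMENT = re.compile(r"<\s*[a-zA-Z]|\bon[a-zA-Z]+\s*=|javascript:", re.IGNORECASE)


def is_markup_suspect(title: str) -> bool:
    """Flags a stored title containing markup or script-handler fragments."""
    return bool(MARKUP_FRAGMENT.search(title))


def audit_stored_titles(rows) -> list:
    """Returns ids of rows whose titles look like injected markup (review by hand)."""
    return [row["id"] for row in rows if is_markup_suspect(row["title"])]


def rendered_cell_is_inert(rendered: str) -> bool:
    """True when the cell body contains no raw angle brackets from the stored value."""
    body = rendered[len("<td>"):-len("</td>")]
    return "<" not in body and ">" not in body


if __name__ == "__main__":
    for row in STORED_ALLERGIES:
        print(row["id"], "vulnerable:", render_report_row_vulnerable(row["title"]))
        print(row["id"], "fixed:     ", render_report_row_fixed(row["title"]))
    print("rows to review:", audit_stored_titles(STORED_ALLERGIES))
```

The audit regex is deliberately broad and will flag some benign text; treat its hits as a review list, not as proof of compromise.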