Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a CVE vulnerability ID? 
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
New vulnerability? Tell us about it!
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2021-25922
Date: March 22, 2021
Overview
In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly. An attacker could trick a user to click on a malicious url and execute malicious code.Details
There is a Reflected Cross-Site Scripting vulnerability in “OpenEMR” at `/interface/orders/patient_match_dialog.php?key=1` endpoint in “key” query parameter. The “key" parameter is not sufficiently sanitized, allowing JavaScript to be inserted in the URL. The user-controlled parameter is sanitized using the addSlashes() method, but the attacker could bypass this by using the `String.fromCharCode()` to make a more complex exploit.PoC Details
Login as administrator to the OpenEMR application. After login, go to the `interface/orders/patient_match_dialog.php?key=1` endpoint. Test the vulnerability by changing the value of `key` parameter in the URL to the below provided payload and press enter.PoC Code
</script><script>alert(1)</script>Affected Environments
4.2.0-6.0.0Prevention
Upgrade to version 6.0.0.1Language: PHP
Good to know:
| Base Score: |
|
|---|---|
| Attack Vector (AV): | Network |
| Attack Complexity (AC): | Low |
| Privileges Required (PR): | None |
| User Interaction (UI): | Required |
| Scope (S): | Changed |
| Confidentiality (C): | Low |
| Integrity (I): | Low |
| Availability (A): | None |
| Base Score: |
|
|---|---|
| Access Vector (AV): | Network |
| Access Complexity (AC): | Medium |
| Authentication (AU): | None |
| Confidentiality (C): | None |
| Integrity (I): | Partial |
| Availability (A): | None |
| Additional information: |