Lucene search
China National Vulnerability DatabaseCNVD-2023-40913HistoryMay 10, 2023 - 12:00 a.m.
OpenEMR Cross-Site Scripting Vulnerability (CNVD-2023-40913)
2023-05-1000:00:00
China National Vulnerability Database
www.cnvd.org.cn
3
openemr
cross-site scripting
vulnerability
user-supplied data
filtering
escaping
0.021 Low
EPSS
Percentile
89.2%
OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A cross-site scripting vulnerability exists in versions of OpenEMR prior to 7.0.1. The vulnerability stems from the application’s lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload.
| CPE | Name | Operator | Version |
|---|---|---|---|
| openemr openemr | lt | 7.0.1 |
Related
nvd
nvd
CVE-2023-2566
2023-05-08 05:15:09
huntr
huntr
Stored XSS bypass the protection rules
2022-12-22 02:29:41
cvelist
cvelist
CVE-2023-2566 Cross-site Scripting (XSS) - Stored in openemr/openemr
2023-05-08 00:00:00
cve
cve
CVE-2023-2566
2023-05-08 05:15:09
prion
prion
Cross site scripting
2023-05-08 05:15:00
osv
osv
CVE-2023-2566
2023-05-08 05:15:09
openvas
openvas
OpenEMR < 7.0.1 Multiple Vulnerabilities
2023-05-10 00:00:00