Lucene search

[email protected]CVE-2014-8071

HistoryOct 23, 2014 - 2:55 p.m.

CVE-2014-8071

2014-10-2314:55:02

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-8071

openmrs

xss

vulnerabilities

remote attack

injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to allergyui/allergy.page; the (6) w10 parameter to htmlformentryui/htmlform/enterHtmlForm/submit.action; the (7) HTTP Referer Header to login.htm; the (8) returnUrl parameter to htmlformentryui/htmlform/enterHtmlFormWithStandardUi.page or (9) coreapps/mergeVisits.page; or the (10) visitId parameter to htmlformentryui/htmlform/enterHtmlFormWithSimpleUi.page.

Affected configurations

NVD

Node

openmrsopenmrsMatch2.1standalone

CPENameOperatorVersion
openmrs:openmrsopenmrseq2.1

CPE	Name	Operator	Version
openmrs:openmrs	openmrs	eq	2.1

References

packetstormsecurity.com/files/128748/OpenMRS-2.1-Access-Bypass-XSS-CSRF.html

www.securityfocus.com/bid/70664

exchange.xforce.ibmcloud.com/vulnerabilities/97690

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.1%

JSON

Related for CVE-2014-8071

prion1 cvelist1 nvd1 packetstorm1 openvas1