Description

I’ve found out that it is possible to inject HTML code in Patient Chat functionality, which allows malicious code to be stored there and potentially affect the other chat users

Proof of Concept

• Login from the patient portal. I’ve used the demo instance here: http://demo.openemr.io/openemr/portal/index.php?site=&w-
• Go to the chat functionality and write a Payload like this:

<a href="//evil.com">click here</a>

You’ll see that unsanitized HTML code will appear on the chat.

• Click on the link to actually be redirected to the evil site.