huntr | Bugruto | 74DDB017-C1FD-4E72-BD30-3B2033911472
History: May 10, 2022 - 9:18 a.m.

Cross-site Scripting (XSS) - Stored

2022-05-10 09:18:44
bugruto
www.huntr.dev
Tags: openemr, stored, cross-site scripting, xss, patient portal, security vulnerability, bug bounty

EPSS: 0.016
Percentile: 87.3%

Description

openemr / openemr is vulnerable to Cross-site Scripting (XSS) - Stored

Proof of Concept

// Poc 
<script>alert(document.cookie)</script>

Steps to reproduce:

1) Log in to the OpenEMR patient portal: https://demo.openemr.io/openemr/portal/index.php

2) Go to my profile at https://demo.openemr.io/openemr/portal/home.php

3) Click on pending review.

4) Add the payload in the first name / middle name field (<script>alert(document.cookie)</script>)

5) Click submit changes.

6) After that we get the message "Error: Patient was successfully updated".

7) On clicking pending review, the XSS will be triggered.
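
The pattern behind the steps above, as an added example that is not part of the original report and is not OpenEMR's code: a hypothetical pending-review renderer shown once with raw concatenation of the stored name fields and once with output encoding. Function names, field names and sample records are assumptions constructed for illustration.

```javascript
// Added example: hypothetical "pending review" renderer, not OpenEMR code.
// The stored first/middle name only becomes dangerous when it is written
// into the review page, so the fix belongs at output time.

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode a value for HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value ?? "").replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: stored values are concatenated into markup as-is, so a
// <script> element saved in a name field is parsed as markup on review.
function renderReviewUnsafe(current, pending) {
  return Object.keys(pending).map((field) =>
    `<tr><th>${field}</th><td>${current[field]}</td><td>${pending[field]}</td></tr>`
  ).join("\n");
}

// Hardened: every stored value, and the field label, is encoded where it
// is emitted, in both element content and the quoted title attribute.
function renderReviewSafe(current, pending) {
  return Object.keys(pending).map((field) =>
    `<tr><th>${escapeHtml(field)}</th><td>${escapeHtml(current[field])}</td>` +
    `<td title="${escapeHtml(pending[field])}">${escapeHtml(pending[field])}</td></tr>`
  ).join("\n");
}

// Constructed sample records (field names fname/mname are assumptions).
// fname carries the payload from the report; mname is a benign value with
// characters that must survive encoding unchanged for the reader.
const currentProfile = { fname: "Ann", mname: "" };
const pendingProfile = {
  fname: "<script>alert(document.cookie)</script>",
  mname: "O'Neil \"Jr\" & Co",
};

console.log(renderReviewSafe(currentProfile, pendingProfile));
```
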
