Lucene search

[email protected]NVD:CVE-2022-4727

HistoryDec 27, 2022 - 3:15 p.m.

CVE-2022-4727

2022-12-2715:15:12

CWE-79

CWE-707

[email protected]

web.nvd.nist.gov

openmrs appointment scheduling module

cross site scripting

remote attack

upgrade

vulnerability

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

38.2%

JSON

A vulnerability, which was classified as problematic, was found in OpenMRS Appointment Scheduling Module up to 1.16.x. This affects the function getNotes of the file api/src/main/java/org/openmrs/module/appointmentscheduling/AppointmentRequest.java of the component Notes Handler. The manipulation of the argument notes leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.17.0 is able to address this issue. The name of the patch is 2ccbe39c020809765de41eeb8ee4c70b5ec49cc8. It is recommended to upgrade the affected component. The identifier VDB-216741 was assigned to this vulnerability.

Affected configurations

NVD

Node

openmrsappointment_scheduling_moduleRange<1.17.0

References

github.com/openmrs/openmrs-module-appointmentscheduling/commit/2ccbe39c020809765de41eeb8ee4c70b5ec49cc8

github.com/openmrs/openmrs-module-appointmentscheduling/pull/39

github.com/openmrs/openmrs-module-appointmentscheduling/releases/tag/1.17.0

vuldb.com/?id.216741

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

38.2%

JSON

Related for NVD:CVE-2022-4727

cve1 osv1 cvelist1 prion1