3 matches found
OpenEMR 5.0.2 < 6.0.0.1 Multiple XSS Vulnerabilities
OpenEMR is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2021-25917
creationtimestamp| type| source ---|---|--- 2021-03-22 23:37:33+00:00| seen| https://t.me/cibsecurity/25260...
CVE-2021-25917
OpenEMR (versions 5.0.2–6.0.0) is vulnerable to a Stored Cross-Site Scripting (XSS) flaw. The root cause is that user input is not properly validated and is rendered on the U2F USB Device authentication method page, allowing a highly privileged attacker to inject arbitrary code when creating a ne...