CVE-2019-3963
CVE-2019-3963 affects OpenEMR 5.0.1 and earlier, where the vulnerable component is the controller.php handling the patient_id parameter. The root cause is a reflected XSS vulnerability in that parameter, enabling an attacker to execute arbitrary code in the context of a user’s session. Multiple c...