3 matches found
CVE-2023-2950
Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1...
CVE-2023-2950 Improper Authorization in openemr/openemr
Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1...
CVE-2023-2950
CVE-2023-2950 affects OpenEMR prior to 7.0.1 and is tied to improper authorization that enables an HTML-injection vulnerability through the patient portal API. Specifically, the PUT endpoint /openemr/portal/patient/api/onsitedocument/{id} accepts a fullDocument payload; a malicious user can modif...