openEMR 4.2.0 Cross Site Scripting / SQL Injection

Advisory: Multiple reflecting/stored XSS- and SQLi-vulnerabilities in openEMR v.4.2.0 Advisory ID: SROEADV-2015-08 Author: Steffen Rösemann Affected Software: openEMR v.4.2.0 Release-date: 28th Dec 2014 Vendor URL: http://www.open-emr.org Vendor Status: patched CVE-ID: to be assigned after releas...