2 matches found
CVE-2020-5729
In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. Any page that is able to trigger a UI Framework Error is susceptible to this issue...
CVE-2020-5728
OpenMRS 2.9 and prior copies "Referrer" header values into an HTML element named "redirectUrl" within many webpages such as login.htm. There is insufficient validation for this parameter, which allows for the possibility of cross-site scripting...