3 matches found
CVE-2021-4292
OpenMRS Admin UI Module (up to 1.4.x) contains a cross-site scripting (XSS) vulnerability in the privilege.gsp handling on the Manage Privilege Page. The issue arises from processing on omod/src/main/webapp/pages/metadata/privileges/privilege.gsp, allowing remote initiation. The recommended fix i...
CVE-2021-4291
The CVE-2021-4291 affects OpenMRS Admin UI Module up to v1.5.x, with exploitation targeting the file omod/src/main/webapp/pages/metadata/locations/location.gsp and enabling cross-site scripting. Remote attacker can trigger the issue; upgrading to v1.6.0 addresses it (patch: a7eefb5f69f6c50a3bffcb...
CVE-2020-36636
OpenMRS Admin UI Module (up to 1.4.x) is affected by a cross-site scripting vulnerability in the sendErrorMessage function of AccountPageController.java (Account Setup Handler). The issue can be exploited remotely. Upgrading to version 1.5.0 fixes the vulnerability (patch 702fbfdac7c4418f23bb5f64...