Description

A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1.

INFO

Published Date :

2024-11-15T10:57:25.334Z

Last Modified :

2024-11-15T20:54:38.603Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-0875 vulnerability.

Vendors Products
Open-emr
  • Openemr
Openemr
  • Openemr
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-0875.

URL Resource
https://github.com/openemr/openemr/commit/d141d2ca06fb2171a202c7302dd5d5af8539f255 cve-icon cve-icon
https://huntr.com/bounties/16cba0fc-748d-4ea8-9573-1f6fbe9a27c9 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact