Описание
OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript through user profile parameters. Attackers can exploit the vulnerability by crafting a malicious payload to download and execute a web shell, enabling remote command execution on the vulnerable OpenEMR instance.
Ссылки
- ExploitPatchThird Party Advisory
- Product
- ExploitThird Party AdvisoryVDB Entry
- Product
- Third Party Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:open-emr:openemr:5.0.2.1:*:*:*:*:*:*:*
EPSS
Процентиль: 7%
0.00026
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
18 дней назад
OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript through user profile parameters. Attackers can exploit the vulnerability by crafting a malicious payload to download and execute a web shell, enabling remote command execution on the vulnerable OpenEMR instance.
EPSS
Процентиль: 7%
0.00026
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79