exploitDog

CVE-2025-25925

Опубликовано: 11 мар. 2025

Источник: nvd

CVSS3: 4.8

EPSS Низкий

Описание

A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm.form.

Ссылки

http://openmrs.com
Broken Link
https://github.com/johnchd/CVEs/blob/main/OpenMRS/CVE-2025-25925%20-%20P-XSS.md
Exploit
Third Party Advisory
https://github.com/johnchd/CVEs/blob/main/OpenMRS/CVE-2025-25925%20-%20P-XSS.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openmrs:openmrs:2.4.3:build0ff0ed:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.00083

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-5xpm-7q7v-rpvf

CVSS3: 4.8

github

11 месяцев назад

A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm.form.

EPSS

Процентиль: 24%

0.00083

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79