exploitDog

CVE-2025-30149

Опубликовано: 31 мар. 2025

Источник: nvd

CVSS3: 6.4

CVSS3: 4.6

EPSS Низкий

Описание

OpenEMR is a free and open source electronic health records and medical practice management application. OpenEMR allows reflected cross-site scripting (XSS) in the AJAX Script interface\super\layout_listitems_ajax.php via the target parameter. This vulnerability is fixed in 7.0.3.

Ссылки

https://github.com/openemr/openemr/commit/6cb70595f65decfbdd03e70b49acc414e03744b8
Patch
https://github.com/openemr/openemr/security/advisories/GHSA-fwfv-8583-6rr7
Exploit
Vendor Advisory
https://github.com/openemr/openemr/security/advisories/GHSA-fwfv-8583-6rr7
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*

Версия до 7.0.3 (исключая)

EPSS

Процентиль: 70%

0.00632

Низкий

6.4 Medium

CVSS3

4.6 Medium

CVSS3

Дефекты

CWE-79

EPSS

Процентиль: 70%

0.00632

Низкий

6.4 Medium

CVSS3

4.6 Medium

CVSS3

Дефекты

CWE-79