L00Ph0Le

**Name of the Vulnerable Software and Affected Versions** OpenEMR version v5 0 1 4 **Description** The issue is related to a Cross Site Scripting (XSS) vulnerability. It affects the `file` parameter in the interface/fax/fax view.php file. This could allow remote authenticated attackers to inject arbitrary web script or HTML. The attack appears to be exploitable via a specially crafted URL that the victim must visit. **Recommendations** For OpenEMR version v5 0 1 4, consider restricting access to the `fax view.php` file until a patch is available. As a temporary workaround, avoid using the `file` parameter in the affected interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenEMR version v5 0 1 4 **Description** The issue is related to a Cross Site Scripting (XSS) vulnerability. It affects the `scan` parameter in the interface/fax/fax view.php file. This could allow remote authenticated attackers to inject arbitrary web script or HTML by visiting a specially crafted URL. **Recommendations** For OpenEMR version v5 0 1 4, consider restricting access to the vulnerable `fax view.php` file until a patch is available. As a temporary workaround, avoid using the `scan` parameter in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.