PT-2017-18052 · Openmrs · Openmrs Reporting Module
Published: 2017-04-21 · Updated: 2017-04-26 · CVE-2017-7990
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenMRS Reporting Module version 1.12.0
Description
The issue allows for CSRF attacks with resultant XSS, where administrative authentication can be hijacked to insert JavaScript into a name field in the "webapp/reports/manageReports.jsp" endpoint. This can lead to unauthorized access and malicious actions.
Recommendations
For OpenMRS Reporting Module version 1.12.0, consider disabling access to the "webapp/reports/manageReports.jsp" endpoint until a patch is available to prevent CSRF and XSS attacks. Restrict administrative authentication to minimize the risk of exploitation.
Exploit
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Openmrs Reporting Module