PT-2018-9386 · Openemr · Openemr
L00Ph0Le · Published 2018-08-20 · Updated 2018-10-12
CVE-2018-1000218
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
OpenEMR version v5_0_1_4
Description
The issue is related to a Cross Site Scripting (XSS) vulnerability. It affects the file parameter in the interface/fax/fax_view.php file. This could allow remote authenticated attackers to inject arbitrary web script or HTML. The attack appears to be exploitable via a specially crafted URL that the victim must visit.
Recommendations
For OpenEMR version v5_0_1_4, consider restricting access to the fax_view.php file until a patch is available. As a temporary workaround, avoid using the file parameter in the affected interface to minimize the risk of exploitation.
Exploit
Fix
XSS
Affected Products
Openemr