CVE-2018-1000219

Name of the Vulnerable Software and Affected Versions OpenEMR version v5 0 1 4

Description The issue is related to a Cross Site Scripting (XSS) vulnerability. It affects the scan parameter in the interface/fax/fax view.php file. This could allow remote authenticated attackers to inject arbitrary web script or HTML by visiting a specially crafted URL.

Recommendations For OpenEMR version v5 0 1 4, consider restricting access to the vulnerable fax view.php file until a patch is available. As a temporary workaround, avoid using the scan parameter in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.