CVE-2023-2947

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 7.0.1

Description The issue is related to a lack of protection for the web page structure in OpenEMR, allowing for Cross-site Scripting (XSS) - Stored attacks. This could enable a remote attacker to perform inter-site scripting attacks.

Recommendations For versions prior to 7.0.1, update to version 7.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable openemr/openemr repository until a patch is applied. Avoid using the repository in a way that could lead to XSS attacks until the issue is resolved.