Hato0

**Name of the Vulnerable Software and Affected Versions** OpenEMR version 5.0.2.1 **Description** OpenEMR contains a cross-site scripting issue that permits authenticated attackers to inject malicious JavaScript through user profile parameters. Exploitation involves crafting a malicious payload to download and execute a web shell, potentially enabling remote command execution on the OpenEMR instance. The affected parameter is within user profile settings. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.