Isears

**Name of the Vulnerable Software and Affected Versions** OpenMRS Admin UI Module versions up to 1.4.x **Description** A vulnerability was found in the Manage Privilege Page component, affecting the processing of the file `omod/src/main/webapp/pages/metadata/privileges/privilege.gsp`. This issue leads to cross-site scripting and can be initiated remotely. **Recommendations** For OpenMRS Admin UI Module versions up to 1.4.x, upgrade to version 1.5.0 to address this issue.

**Name of the Vulnerable Software and Affected Versions** OpenMRS Reference Application version 2.8.0 HTML Form Entry version 3.7.0 **Description** A vulnerability exists due to an XML External Entity (XXE) issue. This allows for potential exploitation. **Recommendations** For OpenMRS Reference Application version 2.8.0, update HTML Form Entry to a version that fixes the XXE vulnerability. For HTML Form Entry version 3.7.0, consider disabling XML external entity processing until a patch is available.