OpenMRS · openmrs-module-referenceapplication · CVE-2021-4289
**Name of the Vulnerable Software and Affected Versions**
OpenMRS openmrs-module-referenceapplication versions up to 2.11.x
**Description**
A cross-site scripting (XSS) vulnerability was found in the `post` method of `omod/src/main/java/org/openmrs/module/referenceapplication/page/controller/UserAppPageController.java`, part of the User App Page component. An attacker-controlled value of the `AppId` argument is rendered into the page without sufficient escaping, so script supplied in that argument executes in the browser of the user who loads the resulting page. The attack can be launched remotely; in the usual XSS pattern the attacker induces a legitimate, authenticated user to submit the crafted request, and the injected script then runs with that user's session. Version 2.12.0 addresses this issue.
**Recommendations**
For OpenMRS openmrs-module-referenceapplication versions up to 2.11.x, upgrade to version 2.12.0. Until the upgrade is applied, limit access to the User App page to the smallest set of trusted administrators, since only users who can reach that page can be targeted, and treat the `AppId` argument as untrusted input: reject values that do not match the expected identifier format and HTML-encode the value wherever it is written into a response. Note that the affected code lives in a compiled module (the `.java` file is not present on a running server), so "restricting access to the source file" is not a meaningful mitigation; the fix must be made in the deployed module or by upgrading. A restrictive Content-Security-Policy on the reference application reduces the impact of any XSS that does get through, but it is defence in depth, not a substitute for the fix.
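The following is an added illustration of the defect class and its fix, not code from openmrs-module-referenceapplication: the controller class, the method names `renderUnsafe`/`renderSafe`, the error-message template and the identifier regex in `looksLikeAppId` are all assumptions made for this example. It uses Spring's `HtmlUtils.htmlEscape` (the reference application is a Spring MVC module) to show how an `AppId` value taken from a request must be encoded before it reaches HTML, and how an allow-list check rejects obvious script payloads up front.

```java
// Added illustration, not code from openmrs-module-referenceapplication.
// Shows the pattern behind a reflected XSS in a page controller and its fix:
// HTML-encode every request-derived value before it is written into markup.
import org.springframework.web.util.HtmlUtils;

public class AppIdEncodingExample {

    /** Hypothetical unsafe handler: the appId parameter is concatenated into HTML as-is. */
    static String renderUnsafe(String appId) {
        return "<div class=\"error\">Could not save user app: " + appId + "</div>";
    }

    /** Hardened variant: same template, but the value is HTML-encoded first. */
    static String renderSafe(String appId) {
        return "<div class=\"error\">Could not save user app: "
                + HtmlUtils.htmlEscape(appId) + "</div>";
    }

    /**
     * Optional allow-list applied before rendering. The format (dotted identifier of
     * letters, digits, '.', '_' and '-') is an assumption for this example; adjust it
     * to the identifiers the deployment actually uses.
     */
    static boolean looksLikeAppId(String appId) {
        return appId != null && appId.matches("[A-Za-z0-9._-]{1,128}");
    }

    public static void main(String[] args) {
        // Constructed attacker input; in the real flow it arrives as the AppId request argument.
        String payload = "<img src=x onerror=alert(document.cookie)>";

        // The tag survives intact, so a browser executes the handler.
        System.out.println(renderUnsafe(payload));

        // Angle brackets and quotes become entities; the browser shows the text, runs nothing.
        System.out.println(renderSafe(payload));

        // Allow-list rejects the payload outright and accepts a plausible identifier.
        System.out.println(looksLikeAppId(payload));                     // false
        System.out.println(looksLikeAppId("referenceapplication.home"));  // true
    }
}
```

Encoding at the point of output is the fix that actually closes the hole; the allow-list is a second layer that also catches malformed identifiers. Both belong in the handler regardless of which template engine renders the final page, because the vulnerability is in how the value is emitted, not in where it is stored.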