CVE-2021-40374

Name of the Vulnerable Software and Affected Versions Apperta Foundation OpenEyes version 3.5.1

Description A stored cross-site scripting issue was identified, allowing remote attackers to inject arbitrary web script or HTML via the Address1 parameter when updating a patient's details. This JavaScript executes when the patient profile is loaded, potentially leading to a cross-site scripting attack.

Recommendations For Apperta Foundation OpenEyes version 3.5.1, update the software to a version that includes a fix for this issue, ensuring that the Address1 parameter is properly sanitized to prevent arbitrary web script or HTML injection. As a temporary workaround, consider restricting access to the patient profile update feature until a patch is available.