PT-2022-9029 · Openmrs · Openmrs Appointment Scheduling Module
Published
2022-12-27
·
Updated
2024-05-17
·
CVE-2020-36635
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
OpenMRS Appointment Scheduling Module versions up to 1.12.x
Description
A problematic issue has been found, affecting the
validateFieldName function of the AppointmentTypeValidator.java file. This leads to cross-site scripting and can be initiated remotely.Recommendations
For OpenMRS Appointment Scheduling Module versions up to 1.12.x, upgrade to version 1.13.0 to address this issue. As a temporary workaround, consider disabling the
validateFieldName function until the patch is applied. Restrict access to the api/src/main/java/org/openmrs/module/appointmentscheduling/validator/AppointmentTypeValidator.java file to minimize the risk of exploitation.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openmrs Appointment Scheduling Module