CVE-2020-36636

Name of the Vulnerable Software and Affected Versions OpenMRS Admin UI Module versions up to 1.4.x

Description A problematic vulnerability has been found in the OpenMRS Admin UI Module, affecting the sendErrorMessage function of the AccountPageController.java file, part of the Account Setup Handler component. This vulnerability leads to cross-site scripting and can be launched remotely.

Recommendations For OpenMRS Admin UI Module versions up to 1.4.x, upgrade to version 1.5.0 to address this issue. As a temporary workaround, consider disabling the sendErrorMessage function until the patch is applied. Restrict access to the vulnerable AccountPageController.java file to minimize the risk of exploitation.