PT-2023-5355 · Openemr · Openemr

Published

2023-05-27

Updated

2023-06-01

CVE-2023-2947

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 7.0.1

Description The issue is related to a lack of protection for the web page structure in OpenEMR, allowing for Cross-site Scripting (XSS) - Stored attacks. This could enable a remote attacker to perform inter-site scripting attacks.

Recommendations For versions prior to 7.0.1, update to version 7.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable openemr/openemr repository until a patch is applied. Avoid using the repository in a way that could lead to XSS attacks until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2023-05983

CVE-2023-2947

Affected Products

Openemr

PT-2023-5355 · Openemr · Openemr

CVE-2023-2947

Weakness Enumeration

Related Identifiers

Affected Products

References · 8