PT-2024-15883 · Openemr · Openemr

Published: 2024-11-15 · Updated: 2024-11-19 · CVE-2024-0875

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: openemr/openemr version 7.0.1

Description: A stored cross-site scripting (XSS) issue exists in the Secure Messaging feature. An attacker can inject malicious payloads into the inputBody field, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account.

Recommendations: For version 7.0.1, update to version 7.0.2.1 to resolve the issue. As a temporary workaround, consider restricting access to the Secure Messaging feature or disabling the ability to input data into the inputBody field until the update is applied.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-0875

Affected Products: Openemr