CVE-2025-25925

Name of the Vulnerable Software and Affected Versions: Openmrs version 2.4.3 Build 0ff0ed

Description: A stored cross-scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the personName.middleName parameter at the "/openmrs/admin/patients/shortPatientForm.form" API endpoint.

Recommendations: For Openmrs version 2.4.3 Build 0ff0ed, consider restricting access to the /openmrs/admin/patients/shortPatientForm.form API endpoint to minimize the risk of exploitation, and avoid using the personName.middleName parameter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.