PT-2025-13798 · Openemr · Openemr
Published: 2025-03-31 · Updated: 2025-04-01 · CVE-2025-30161
CVSS v4.0: 8.4 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
OpenEMR versions prior to 7.0.3
Description
A stored XSS vulnerability in the Bronchitis form component of OpenEMR allows attackers to steal credentials from administrators. This issue can be exploited by anyone who can edit a bronchitis form.
Recommendations
Update to version 7.0.3, which fixes the vulnerability. As a temporary workaround, consider restricting access to the Bronchitis form component to minimize the risk of exploitation.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Openemr