CVE-2021-47817

Name of the Vulnerable Software and Affected Versions OpenEMR version 5.0.2.1

Description OpenEMR contains a cross-site scripting issue that permits authenticated attackers to inject malicious JavaScript through user profile parameters. Exploitation involves crafting a malicious payload to download and execute a web shell, potentially enabling remote command execution on the OpenEMR instance. The affected parameter is within user profile settings.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.