- Description
- A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1.
- Source
- security@huntr.dev
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 4.8
- Impact score
- 2.7
- Exploitability score
- 1.7
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 3.0
- Type
- Secondary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
- security@huntr.dev
- CWE-79
CVE-2024-0875 Stored XSS Vulnerability in OpenEMR Secure Messaging Feature OpenEMR version 7.0.1 has a stored XSS vulnerability. An attacker can put harmful code into the 'inputBody' field of the Secure Messaging... https://t.co/TKMPzEqn3s
@VulmonFeeds
15 Nov 2024
CVE-2024-0875 A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the S… https://t.co/IxZF40MBmK
@CVEnew
15 Nov 2024
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:open-emr:openemr:7.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49234EA5-1593-40E1-93AF-A71F05056639"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]