Overview
- Description
- A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1.
- Source
- security@huntr.dev
- NVD status
- Undergoing Analysis
Risk scores
CVSS 3.0
- Type
- Secondary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
Weaknesses
- security@huntr.dev
- CWE-79
Social media
- Hype score
- Not currently trending
CVE-2024-0875 Stored XSS Vulnerability in OpenEMR Secure Messaging Feature OpenEMR version 7.0.1 has a stored XSS vulnerability. An attacker can put harmful code into the 'inputBody' field of the Secure Messaging... https://t.co/TKMPzEqn3s
@VulmonFeeds
15 Nov 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-0875 A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the S… https://t.co/IxZF40MBmK
@CVEnew
15 Nov 2024
303 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes