Medium severity6.1NVD Advisory· Published Jan 10, 2017· Updated Jun 17, 2026
CVE-2015-4591
CVE-2015-4591
Description
eClinicalWorks Population Health (CCMR) suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:eclinicalworks:population_health:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:eclinicalworks:population_health:-:*:*:*:*:*:*:*
- (no CPE)
Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/135533/eClinicalWorks-Population-Health-CCMR-SQL-Injection-CSRF-XSS.htmlnvdExploitThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/537420/100/0/threadednvdExploitThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/39402/nvdExploitThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.