CVE-2020-11436
Description
LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
LibreHealth EMR v2.0.0 contains a stored XSS vulnerability enabling attackers to force arbitrary actions on behalf of any user, including administrators.
Vulnerability
LibreHealth EHR version 2.0.0 is vulnerable to cross-site scripting (XSS) that allows an attacker to execute arbitrary JavaScript in the context of another user's session [1]. The official description confirms the vulnerability exists in v2.0.0 and that it can be used to force actions on behalf of other users, including administrators. The advisory from Bishop Fox lists this as one of five high-risk issues discovered in the application [1], noting that fixes are in progress but no patched release was available at the time of writing [1].
Exploitation
According to the advisory, the XSS vulnerability can be exploited by an unauthenticated malicious actor or a low-privileged application user [1]. While the specific trigger mechanism is not detailed in the public references, the advisory categorizes the XSS issue as one that "would allow attackers to force actions on other user's behalf" [1]. The associated CSRF issue [1] further suggests that an attacker could chain these vulnerabilities, potentially using a phishing page to deliver the attack from an unauthenticated context.
Impact
Successful exploitation of the XSS vulnerability allows the attacker to perform arbitrary actions within the application in the context of the victim user [1]. Because this includes administrators, the attacker could gain elevated privileges and potentially compromise the entire application server and access highly sensitive medical records and personally identifiable information (PII) [1]. The overall impact is rated high-risk by the researcher [1].
Mitigation
As of the advisory publication date, no official patched release of LibreHealth EHR was available [1]. The advisory states that "fixes are in progress and some are available as unmerged pull requests" [1], but no specific version or release date for a fix is provided. Users should monitor the project's official site [2] and the advisory page [3] for updates. No workaround is mentioned in the available references.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- LibreHealth/EMR
- Range: =2.0.0
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing input sanitization on the `note` parameter allows stored cross-site scripting (XSS)."
Attack vector
An attacker authenticated as a low-privileged Front Desk user creates a note in the New Documents section containing a stored XSS payload in the `note` parameter [ref_id=1]. The payload uses an `
Affected code
The vulnerable endpoint is `/librehealthehr/controller.php`; the `note` parameter is the injection point [ref_id=1]. The advisory does not specify the exact function or file within the codebase that processes the note parameter.
What the fix does
The advisory does not include a patch or specific remediation guidance for CVE-2020-11436 [ref_id=1]. To close the vulnerability, the application must sanitize or encode user-supplied input in the `note` parameter before storing and rendering it, preventing arbitrary JavaScript execution in the context of other authenticated users.
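As an added illustration, not code from LibreHealth EHR or the advisory (which does not name the function that renders the note, so the helper names and the sample note below are assumptions), the echo-as-stored pattern beside the encode-at-output fix:

```php
<?php
// Added example, not LibreHealth EHR code. The real rendering function is
// not identified in the advisory; the names here are assumptions.
declare(strict_types=1);

// Vulnerable pattern: the stored note is echoed into the notes view as-is,
// so any markup saved by a Front Desk user runs in every viewer's session.
function render_note_vulnerable(string $note): string
{
    return '<div class="note">' . $note . '</div>';
}

// Hardened pattern: keep the note verbatim in storage and encode it for the
// HTML body context at render time. ENT_QUOTES also encodes ' and ", so the
// same output is safe inside a quoted attribute; ENT_SUBSTITUTE replaces
// invalid UTF-8 instead of silently returning an empty string.
function render_note_safe(string $note): string
{
    $encoded = htmlspecialchars(
        $note,
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8'
    );
    return '<div class="note">' . $encoded . '</div>';
}

// Constructed sample input standing in for a malicious stored note.
$storedNote = '<img src=x onerror="alert(1)">';

// The first call emits a live <img> element with an event handler; the
// second emits the same text with <, >, and " encoded, so it renders as text.
echo render_note_vulnerable($storedNote), PHP_EOL;
echo render_note_safe($storedNote), PHP_EOL;
```

Encoding belongs at the point of output for the specific context (HTML body here); a note that is later placed in a JavaScript string or a URL needs that context's encoder instead.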
Preconditions
- Attacker must be authenticated as a low-privileged Front Desk user
- Attacker must have access to the New Documents section to create a note
- A victim (any authenticated user, including administrators) must navigate to the affected document's notes view
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- know.bishopfox.com/advisories
- labs.bishopfox.com/advisories/librehealth-version-2.0.0-0
- librehealth.io
News mentions
No linked articles in our index yet.