VYPR
Unrated severityNVD Advisory· Published Mar 22, 2021· Updated Apr 30, 2025

CVE-2021-25917

CVE-2021-25917

Description

In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • OpenEMR/OpenEMRdescription
  • Openemr/Openemrllm-fuzzy
    Range: >=5.0.2,<=6.0.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.