Unrated severityNVD Advisory· Published Mar 22, 2021· Updated Apr 30, 2025
CVE-2021-25917
CVE-2021-25917
Description
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- OpenEMR/OpenEMRdescription
Patches
Vulnerability mechanics
References
2- github.com/openemr/openemr/commit/0fadc3e592d84bc9dfe9e0403f8bd6e3c7d8427fmitrex_refsource_MISC
- www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25917mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.