Medium severity5.4NVD Advisory· Published Apr 6, 2022· Updated Jun 17, 2026
CVE-2021-40374
CVE-2021-40374
Description
A stored cross-site scripting (XSS) vulnerability was identified in Apperta Foundation OpenEyes 3.5.1. Updating a patient's details allows remote attackers to inject arbitrary web script or HTML via the Address1 parameter. This JavaScript then executes when the patient profile is loaded, which could be used in a XSS attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Apperta Foundation/OpenEyesdescription
- Range: =3.5.1
Patches
Vulnerability mechanics
References
1- openeyes.apperta.orgnvdProductVendor Advisory
News mentions
0No linked articles in our index yet.