CVE-2022-31492
Description
Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site scripting vulnerability in LibreHealth EHR 2.0.0 via username parameter in usergroup_admin_add.php allows stored XSS.
Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in LibreHealth EHR Base 2.0.0 in the interface/usergroup/usergroup_admin_add.php script. The username parameter is not sanitized before being stored, allowing an attacker to inject arbitrary JavaScript [1]. The vulnerable version is 2.0.0 (released 2017-11-02) [2].
Exploitation
An attacker with access to the user group administration page can submit a malicious username containing JavaScript payloads. The payload is stored and executed when the page is loaded. No authentication bypass is needed; the attacker must have privileges to add users (e.g., admin role) [1].
Impact
Successful exploitation leads to stored cross-site scripting, enabling the attacker to execute arbitrary JavaScript in the context of the application. This can lead to session hijacking, defacement, or redirection to malicious sites. The impact is limited to actions available to the admin user's session [1].
Mitigation
No official patch has been released as of the publication date. Users are advised to restrict access to the user group administration functionality and apply input validation. The latest release is 2.0.0, and no newer version addresses this issue [1][2].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- LibreHealth/LibreHealth EHR Basedescription
- Range: = 2.0.0
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing input sanitization on the username field allows stored cross-site scripting."
Attack vector
An attacker submits a crafted username containing JavaScript payloads via the POST parameter `username` on the user-add form at `interface/usergroup/usergroup_admin_add.php`. Because the input is not filtered, the payload is stored in the database and executed when an administrator views the users list page, resulting in stored cross-site scripting (XSS) [ref_id=1]. No authentication bypass or special network position is required beyond access to the user-add form.
Affected code
The vulnerability is in `interface/usergroup/usergroup_admin_add.php`, the web form for adding new users. The `username` field is not sanitized before being stored and later rendered on the users list page [ref_id=1].
What the fix does
The advisory does not include a patch or specific remediation code. The recommended fix is to implement proper input validation and output encoding on the `username` field in `interface/usergroup/usergroup_admin_add.php` and on the users list page that renders the stored value, preventing script execution [ref_id=1].
Preconditions
- networkAttacker must have access to the user-add web form at /interface/usergroup/usergroup_admin_add.php
- inputThe application must not sanitize or encode the username input before storage or display
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1- nitroteam.kz/index.phpmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.