VYPR
Unrated severityNVD Advisory· Published Nov 15, 2024· Updated Nov 15, 2024

Stored XSS in openemr/openemr

CVE-2024-0875

Description

A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Openemr/Openemrllm-fuzzy2 versions
    <=7.0.1+ 1 more
    • (no CPE)range: <=7.0.1
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.