Multiple Cross-Site Scripting (XSS) Vulnerabilities in OpenMRS 2.1 Standalone Edition

Multiple Cross-Site Scripting (XSS) Vulnerabilities in OpenMRS 2.1 Standalone Edition

CVE-2014-8071 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to allergyui/allergy.page; the (6) w10 parameter to htmlformentryui/htmlform/enterHtmlForm/submit.action; the (7) HTTP Referer Header to login.htm; the (8) returnUrl parameter to htmlformentryui/htmlform/enterHtmlFormWithStandardUi.page or (9) coreapps/mergeVisits.page; or the (10) visitId parameter to htmlformentryui/htmlform/enterHtmlFormWithSimpleUi.page.

Learn more about our Web App Pen Testing.