Security Advisory

CVE-2024-0875

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-11-15 10:57:25

Last updated 2024-11-15 20:54:38

Assigner @huntr_ai

State PUBLISHED

Description

A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the inputBody field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1.

← Browse all CVEs View on cve.org ↗