CVE-2017-7990

Publication date

2017-04-21 00:00:00

Family

mitre

State

PUBLISHED

Description

The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp.