Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter.
References
| Link | Resource |
|---|---|
| https://github.com/lodestone-security/CVEs/blob/master/CVE-2019-16862/README.md | Third Party Advisory |
| https://github.com/openemr/openemr/pull/2685 | Third Party Advisory |
| https://github.com/lodestone-security/CVEs/blob/master/CVE-2019-16862/README.md | Third Party Advisory |
| https://github.com/openemr/openemr/pull/2685 | Third Party Advisory |
Configurations
History
21 Nov 2024, 04:31
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/lodestone-security/CVEs/blob/master/CVE-2019-16862/README.md - Third Party Advisory | |
| References | () https://github.com/openemr/openemr/pull/2685 - Third Party Advisory |
Information
Published : 2019-10-21 01:15
Updated : 2024-11-21 04:31
NVD link : CVE-2019-16862
Mitre link : CVE-2019-16862
CVE.ORG link : CVE-2019-16862
JSON object : View
Products Affected
open-emr
- openemr
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')