CVE-2023-22972 - OpenCVE

A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Open-emr	Openemr

Configuration 1 [-]

cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.open-emr.org/wiki/index.php/OpenEMR_Patches#7.0.0_Patch_.2811.2F30.2F22.29	Patch Release Notes

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-02-22T00:00:00

Updated: 2023-02-22T00:00:00

Reserved: 2023-01-11T00:00:00

Link: CVE-2023-22972

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-02-22T21:15:11.330

Modified: 2023-03-03T03:00:33.173

Link: CVE-2023-22972

JSON object: View

Redhat Information

No data.

CWE

CWE-79