Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenEMR v5_0_1_4: Cross-Site Scripting in interface/fax/fax_view.php #1781

Closed
l00ph0le opened this issue Jul 25, 2018 · 2 comments
Closed

OpenEMR v5_0_1_4: Cross-Site Scripting in interface/fax/fax_view.php #1781

l00ph0le opened this issue Jul 25, 2018 · 2 comments
Labels

Comments

@l00ph0le
Copy link

I found an application security issue in interface/fax/fax_view.php of OpenEMR v5_0_1_4 and likely earlier versions.

The vulnerability exists due to a lack of sanitation of user-supplied input. The vulnerability allows attackers to execute javascript on remotely authenticated users via the 'file' and 'scan' parameters.

Proof of Concept URL 'file' parameter:
http://192.168.246.144/openemr-5.0.1/interface/fax/fax_view.php?file=%3Csvg/onload=alert(1)%3E

Proof of Concept URL 'scan' parameter:
http://192.168.246.144/openemr-5.0.1/interface/fax/fax_view.php?scan=%3Csvg/onload=alert(1)%3E

@bradymiller
Copy link
Sponsor Member

hi @l00ph0le ,

Thanks for the report! Fixes are in this PR:
#1783

For future specific security vulnerability reports, rec. emailing them to me at brady.g.miller@gmail.com rather than posting them publicly (and even better if email it encrypted via my public PGP key at: https://pgp.mit.edu/pks/lookup?op=get&search=0x27DEF05B1A8A6D4F).

Thanks!
-brady

@danehrlich1
Copy link
Member

I believe this should be closed since it's already been fixed. I will be going through this entire folder as well in the next couple of days as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants