OpenEMR (latest version) - Multiple Cross-Site Scripting (XSS) #498

Closed
bestshow opened this issue Feb 27, 2017 · 5 comments

@bestshow
bestshow commented Feb 27, 2017

Product: OpenEMR
Download: https://github.com/openemr/openemr
Vulnerable Version: latest version and probably prior
Tested Version: latest version
Author: ADLab of Venustech

Advisory Details:
I have discovered multiple Cross-Site Scripting (XSS) in “OpenEMR”, which can be exploited to execute arbitrary code.
The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to “openemr-master/gacl/admin/object_search.php” url. An attacker could execute arbitrary HTML and script code in browser in context of the vulnerable website.
The exploitation examples below use the "alert()" JavaScript function to see a pop-up messagebox:
PoC:
(1)
http://localhost/github1/zip/openemr_master/openemr-master/gacl/admin/object_search.php?section_value=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22
(2)
http://localhost/github1/zip/openemr_master/openemr-master/gacl/admin/object_search.php?src_form=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22
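
An added example, not part of the original report and not OpenEMR's code or its fix: it assumes (the page does not show the source) that `section_value` and `src_form` are echoed into a double-quoted HTML attribute, and contrasts that pattern with output encoding plus a check for unencoded reflection. All function names and the markup are hypothetical.

```php
<?php
// Added example: hypothetical markup, not OpenEMR's object_search.php.
// Assumption: the parameter is echoed into a double-quoted HTML attribute.

/** Vulnerable pattern: the raw value lands inside value="...". */
function render_unsafe(string $name, string $value): string
{
    return '<input type="hidden" name="' . $name . '" value="' . $value . '">';
}

/** Encode for the HTML attribute/body context at output time. */
function attr(string $value): string
{
    // ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE keeps invalid UTF-8
    // from turning the whole string into an empty result.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened pattern: every dynamic piece goes through attr(). */
function render_safe(string $name, string $value): string
{
    return '<input type="hidden" name="' . attr($name) . '" value="' . attr($value) . '">';
}

/** Regression check: true if the marker is reflected without encoding. */
function reflects_raw(string $html, string $marker): bool
{
    return strpos($html, $marker) !== false;
}

// Constructed sample values: a plain identifier and a harmless marker that
// contains the characters (" < >) an attribute break-out depends on.
$samples = ['billing', 'x"><b>marker</b>'];
foreach (['section_value', 'src_form'] as $param) {
    foreach ($samples as $v) {
        $unsafe = render_unsafe($param, $v);
        $safe   = render_safe($param, $v);
        printf("%s=%s\n  unsafe: %s\n  safe:   %s\n", $param, $v, $unsafe, $safe);
        // Only values with markup characters distinguish the two renderers.
        if ($v !== attr($v)) {
            printf("  raw reflection: unsafe=%s safe=%s\n",
                var_export(reflects_raw($unsafe, $v), true),
                var_export(reflects_raw($safe, $v), true));
        }
    }
}
```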

@bradymiller
Sponsor Member

The solution for this vulnerability is currently being worked on by a group researching tools to fix vulnerabilities.

@bradymiller
Sponsor Member

@bestshow,
Just checking why this was closed?
thanks,
-brady

@bestshow
Author

@bradymiller, Sorry, I made a mistake, I'll reopen it.

@bestshow bestshow reopened this May 31, 2017
@bradymiller
Sponsor Member

no prob (I commonly make this mistake also).

@bradymiller bradymiller added this to the 5.0.1 milestone Oct 26, 2017
@bradymiller
Sponsor Member

this was fixed via both:
#1388
6d8234d
