Multiple reflecting/stored XSS- and SQLi-vulnerabilities in openEMR v.4.2.0

Posted by Steffen Rösemann on Mar 22

Advisory: Multiple reflecting/stored XSS- and SQLi-vulnerabilities in openEMR v.4.2.0
Advisory ID: SROEADV-2015-08
Author: Steffen Rösemann
Affected Software: openEMR v.4.2.0 (Release-date: 28th Dec 2014)
Vendor URL: http://www.open-emr.org
Vendor Status: patched
CVE-ID: to be assigned after release of advisory via OSS list

==========================
Vulnerability Description:
==========================

Electronic health records and medical…