CVE-2021-25917

Date: March 22, 2021

Overview

OpenEMR versions 5.0.2 through 6.0.0 are vulnerable to Stored Cross-Site Scripting (XSS) because user input is not validated properly. A highly privileged attacker could inject arbitrary script into input fields when creating a new user.

Details

The `OpenEMR` module can be abused via a Stored Cross-Site Scripting vulnerability because the application does not validate specific input fields, such as `First Name` and `Last Name`, when creating a new user. Due to this flaw, a malicious administrator can create a user with arbitrary script in those fields; when that user later logs in and selects the authentication method `U2F USB Device` from `MFA Management`, the stored script executes in their browser.

PoC Details

Log in as an administrator, go to the Users section under Administration, and click the `Add User` button. Create a new user and, in the `First Name` or `Last Name` input field, insert the XSS payload shown in the PoC Code section. When the newly created user then logs in and opens `U2F USB Device`, the payload is executed.

PoC Code

//first name: <script>alert(document.cookie)</script>
//last name: <script>alert('XSS!')</script>
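The Details and PoC sections above describe the root cause: a stored name is written into the MFA Management page without being encoded for the HTML context. The following PHP is an added illustration, not OpenEMR's own code or its actual fix; the function names, the `$user` record and the input-policy regex are assumptions. It shows the unsafe rendering pattern next to a hardened one that encodes at the output sink, plus an optional input-side plausibility check as defence in depth, and runs the PoC payload through both.

```php
<?php
// Added example (not OpenEMR's code): rendering a stored user name in HTML.
// Assumed data: a user record as an MFA settings page might load it from the database.

declare(strict_types=1);

/**
 * Vulnerable pattern: the stored value is interpolated straight into markup,
 * so a name such as "<script>alert(document.cookie)</script>" becomes live script
 * in the browser of whoever views the page (here, the user themselves).
 */
function renderUserHeadingVulnerable(array $user): string
{
    return "<h2>Welcome, {$user['fname']} {$user['lname']}</h2>";
}

/**
 * Hardened pattern: contextual output encoding at the sink.
 * ENT_QUOTES also encodes ' and ", so the result is safe inside quoted attributes;
 * ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
 */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderUserHeadingSafe(array $user): string
{
    return '<h2>Welcome, ' . e($user['fname']) . ' ' . e($user['lname']) . '</h2>';
}

/**
 * Defence in depth on the input side, applied when the administrator creates the user:
 * accept letters, combining marks, apostrophes, spaces, dots and hyphens up to 64 characters.
 * This policy is an assumption for the example; output encoding above is the control
 * that actually closes the XSS, because a name can be stored through other paths too.
 */
function isPlausibleName(string $value): bool
{
    return $value !== ''
        && mb_strlen($value, 'UTF-8') <= 64
        && preg_match('/^[\p{L}\p{M}\' .-]+$/u', $value) === 1;
}

// Constructed sample record using the first payload from the PoC Code section.
$user = [
    'fname' => '<script>alert(document.cookie)</script>',
    'lname' => "O'Brien",
];

echo renderUserHeadingVulnerable($user), PHP_EOL; // <script> tag reaches the browser intact
echo renderUserHeadingSafe($user), PHP_EOL;       // &lt;script&gt;... is displayed as text

foreach ($user as $field => $value) {
    printf("%s accepted at creation: %s\n", $field, isPlausibleName($value) ? 'yes' : 'no');
}
```

Run with `php example.php`. The first line of output contains the raw `<script>` element, the second contains `&lt;script&gt;&#039;` style entities that the browser renders literally, and the plausibility check rejects the first name while accepting `O'Brien`. Encode at every sink that prints user-controlled data (page headings, table cells, attribute values, and differently again inside JavaScript or URLs); a Content-Security-Policy that disallows inline script is a useful second layer but not a substitute.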

Affected Environments

5.0.2-6.0.0

Prevention

Upgrade to version 6.0.0.1

Language: PHP

Good to know:

Cross-Site Scripting (XSS), CWE-79

Upgrade Version: upgrade to version v6_0_0_1

CVSS v3 base metrics (vector AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N):
Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None

CVSS v2 base metrics (vector AV:N/AC:M/Au:S/C:N/I:P/A:N):
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): Single
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None