CVE-2021-25921
Date: March 22, 2021
Overview
OpenEMR versions 2.7.3-rc1 to 6.0.0 are vulnerable to stored cross-site scripting (XSS) because user input in the `Allergies` section is not validated properly. An attacker could lure an admin into entering a malicious payload and thereby trigger the exploit.
Details
The `OpenEMR` module is exposed to a stored cross-site scripting vulnerability because it does not properly validate input sent to the allergies `Title` field of the patient details before rendering those details on the reports page. An attacker could lure an admin into entering a malicious payload and thereby trigger the exploit.
PoC Details
Log in to the OpenEMR application as administrator. After logging in, create a new patient. Once the patient is created, the site navigates to the Medical Record Dashboard screen. There, click `edit` on the Allergies option to add the patient's medical details. Then click the Add button to add an allergy-related medical issue for the patient. Select the issue type and place the given payload in the title field, then click the save button. Then navigate to the Reports tab in the Dashboard, which displays the patient's details as a report; the stored payload is executed there.
PoC Code
<svg onload="javascript:alert('Stored XSS in add allergies title field of patient details')" xmlns="#"></svg>
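Why the stored title above runs in the report, and the output encoding that renders it as inert text, shown as an added example that is not OpenEMR source code. The row layout and the function names (`render_report_unsafe`, `render_report_safe`, `h`, `titles_with_markup`) are hypothetical; `htmlspecialchars` and `strip_tags` are PHP built-ins.

```php
<?php
// Added illustration, not OpenEMR source. Row layout and function names are hypothetical.
// Constructed sample rows standing in for stored patient issues;
// the second title is the PoC payload quoted on this page.
$issues = [
    ['type' => 'allergy', 'title' => 'Penicillin'],
    ['type' => 'allergy', 'title' => '<svg onload="javascript:alert(\'Stored XSS in add allergies title field of patient details\')" xmlns="#"></svg>'],
];

// Vulnerable pattern: the stored title is concatenated into the report markup as-is,
// so the browser parses it as an element and fires its event handler.
function render_report_unsafe(array $issues): string
{
    $html = "<table>\n";
    foreach ($issues as $row) {
        $html .= "<tr><td>" . $row['type'] . "</td><td>" . $row['title'] . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Encode a stored value for the HTML body/attribute context at output time.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every stored value is encoded where it is written into the page.
function render_report_safe(array $issues): string
{
    $html = "<table>\n";
    foreach ($issues as $row) {
        $html .= "<tr><td>" . h($row['type']) . "</td><td>" . h($row['title']) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Audit heuristic: list stored titles that contain markup, for review after upgrading,
// since records saved before the fix remain in the database.
function titles_with_markup(array $issues): array
{
    return array_values(array_filter($issues, function (array $row): bool {
        return $row['title'] !== strip_tags($row['title']);
    }));
}

echo render_report_unsafe($issues);  // title reaches the browser as live markup
echo render_report_safe($issues);    // title reaches the browser as entity-encoded text
echo count(titles_with_markup($issues)), " stored title(s) contain markup\n";
```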
Affected Environments
2.7.3-rc1 - 6.0.0
Prevention
Upgrade to version 6.0.0.1
Language: PHP
Good to know:
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79
Upgrade Version
No fix version available
| Base Score: | |
|---|---|
| Attack Vector (AV): | Network |
| Attack Complexity (AC): | Low |
| Privileges Required (PR): | Low |
| User Interaction (UI): | Required |
| Scope (S): | Changed |
| Confidentiality (C): | Low |
| Integrity (I): | Low |
| Availability (A): | None |
| Base Score: | |
|---|---|
| Access Vector (AV): | Network |
| Access Complexity (AC): | Medium |
| Authentication (AU): | Single |
| Confidentiality (C): | None |
| Integrity (I): | Partial |
| Availability (A): | None |


