We found results for “


Date: March 22, 2021


In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly. An attacker could trick a user to click on a malicious url and execute malicious code.


There is a Reflected Cross-Site Scripting vulnerability in “OpenEMR” at `/interface/orders/patient_match_dialog.php?key=1` endpoint in “key” query parameter. The “key" parameter is not sufficiently sanitized, allowing JavaScript to be inserted in the URL. The user-controlled parameter is sanitized using the addSlashes() method, but the attacker could bypass this by using the `String.fromCharCode()` to make a more complex exploit.

PoC Details

Login as administrator to the OpenEMR application. After login, go to the `interface/orders/patient_match_dialog.php?key=1` endpoint. Test the vulnerability by changing the value of `key` parameter in the URL to the below provided payload and press enter.

PoC Code


Affected Environments



Upgrade to version

Language: PHP

Good to know:


Cross-Site Scripting (XSS)


Upgrade Version

Upgrade to version v6_0_0_1

Learn More

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): None
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Additional information: