Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) patient parameter to interface/main/finder/findernavigation.php; (2) key parameter to interface/billing/getclaimfile.php; (3) formid or (4) formseq parameter to interface/orders/types.php; (5) eraname, (6) paydate, (7) posttodate, (8) depositdate, (9) debug, or (10) InsId parameter to interface/billing/sleobprocess.php; (11) formsource, (12) formpaydate, (13) formdepositdate, (14) formamount, (15) formname, (16) formpid, (17) formencounter, (18) formdate, or (19) formtodate parameter to interface/billing/sleobsearch.php; (20) codetype or (21) searchterm parameter to interface/deidentificationforms/findcodepopup.php; (22) searchterm parameter to interface/deidentificationforms/finddrugpopup.php; (23) searchterm parameter to interface/deidentificationforms/findimmunizationpopup.php; (24) id parameter to interface/forms/CAMOS/view.php; (25) id parameter to interface/forms/reviewofs/view.php; or (26) listid parameter to library/customtemplate/personalize.php.
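For log triage against the endpoints and parameters listed above, the following added example (not OpenEMR code and not part of the advisory) flags requests whose decoded value for one of those parameters contains HTML metacharacters. Assumptions: combined-format access log lines, parameters carried in the query string, and names compared ignoring case and underscores; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoint -> parameters, spelled as in the advisory text.
AFFECTED = {
    "interface/main/finder/findernavigation.php": ["patient"],
    "interface/billing/getclaimfile.php": ["key"],
    "interface/orders/types.php": ["formid", "formseq"],
    "interface/billing/sleobprocess.php": [
        "eraname", "paydate", "posttodate", "depositdate", "debug", "InsId"],
    "interface/billing/sleobsearch.php": [
        "formsource", "formpaydate", "formdepositdate", "formamount", "formname",
        "formpid", "formencounter", "formdate", "formtodate"],
    "interface/deidentificationforms/findcodepopup.php": ["codetype", "searchterm"],
    "interface/deidentificationforms/finddrugpopup.php": ["searchterm"],
    "interface/deidentificationforms/findimmunizationpopup.php": ["searchterm"],
    "interface/forms/CAMOS/view.php": ["id"],
    "interface/forms/reviewofs/view.php": ["id"],
    "library/customtemplate/personalize.php": ["listid"],
}

def _norm(name):  # assumption: ignore case and underscores when comparing names
    return name.replace("_", "").lower()

_INDEX = [(_norm(p), p, {_norm(k) for k in ks}) for p, ks in AFFECTED.items()]
_MARKUP = re.compile(r"[<>\"']")  # can break out of HTML text or an attribute
_REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def suspicious_params(line):
    """Return sorted (endpoint, parameter) pairs whose decoded value has markup."""
    m = _REQUEST.search(line)
    url = urlsplit(m.group(1) if m else "")
    path = _norm(url.path)
    return sorted(
        (endpoint, key)
        for npath, endpoint, params in _INDEX if path.endswith("/" + npath)
        for key, value in parse_qsl(url.query, keep_blank_values=True)
        if _norm(key) in params and _MARKUP.search(value))

# Constructed sample lines (combined log format), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2018:10:00:00 +0000] "GET /openemr/interface/orders/'
    'types.php?formid=%22%3E%3Cb%3Ex&formseq=1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2018:10:00:05 +0000] "GET /openemr/interface/forms/'
    'CAMOS/view.php?id=42 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(suspicious_params(entry))
```

A hit marks a request for review, not proof that script ran in a browser; parameters sent in POST bodies do not appear in access logs and need application- or WAF-level logging.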