CVE-2021-4292

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-4292
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-4292.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-4292
Published
2022-12-27T23:15:10.747Z
Modified
2026-03-15T22:42:08.181433Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A vulnerability was found in OpenMRS Admin UI Module up to 1.4.x. It has been rated as problematic. This issue affects some unknown processing of the file omod/src/main/webapp/pages/metadata/privileges/privilege.gsp of the component Manage Privilege Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.5.0 is able to address this issue. The name of the patch is 4f8565425b7c74128dec9ca46dfbb9a3c1c24911. It is recommended to upgrade the affected component. The identifier VDB-216917 was assigned to this vulnerability.

References

Affected packages

Git / github.com/openmrs/openmrs-module-adminui

Affected ranges

Type
GIT
Repo
https://github.com/openmrs/openmrs-module-adminui
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a80b42c955d80d5cd1e2c9c4266483b9444e10ae
Fixed
4f8565425b7c74128dec9ca46dfbb9a3c1c24911
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.5.0"
        }
    ]
}

Affected versions

1.*
1.0
1.1
1.2
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.3.0
1.4.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-4292.json"