CVE-2024-0875

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-0875
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0875.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-0875
Published
2024-11-15T11:15:09.490Z
Modified
2026-04-10T05:07:59.990482Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1.

References

Affected packages

Git / github.com/openemr/openemr

Affected ranges

Type
GIT
Repo
https://github.com/openemr/openemr
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6abd4c8c6ef86d2b018b274a33037f533439487d
Fixed
d141d2ca06fb2171a202c7302dd5d5af8539f255
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.1"
        }
    ]
}

Affected versions

Other
v2_7_2
v2_7_2-rc1
v2_7_2-rc2
v2_7_3-rc1
v2_8_0
v2_8_1
v2_8_2
v2_8_3
v2_9_0
v3_0_0
v3_0_1
v7_0_1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0875.json"