CVE-2024-0875

Source
https://cve.org/CVERecord?id=CVE-2024-0875
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0875.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-0875
Published
2024-11-15T10:57:25.334Z
Modified
2026-07-08T07:34:13.805465361Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
Stored XSS in openemr/openemr
Details

A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/0xxx/CVE-2024-0875.json",
    "cna_assigner": "@huntr_ai",
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Git / github.com/openemr/openemr

Affected ranges

Type
GIT
Repo
https://github.com/openemr/openemr
Events
Database specific
{
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:open-emr:openemr:7.0.1:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "7.0.1"
        },
        {
            "last_affected": "7.0.1"
        }
    ]
}

Affected versions

7.*
7.0.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0875.json"