CVE-2025-29772
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-29772
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-29772.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-29772
- Aliases
-
- GHSA-89gp-g4c9-hv8h
- Published
- 2025-03-31T16:03:32.711Z
- Modified
- 2025-12-05T08:54:11.382401Z
- Severity
-
- 7.2 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- OpenEMR allows Reflected XSS in CAMOS new.php
- Details
-
OpenEMR is a free and open source electronic health records and medical practice management application. The POST parameter hidden_subcategory is output to the page without being properly processed. This leads to a reflected cross-site scripting (XSS) vul;nerability in CAMOS new.php. This vulnerability is fixed in 7.0.3.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/29xxx/CVE-2025-29772.json", "cwe_ids": [ "CWE-79" ], "cna_assigner": "GitHub_M" }- References