CVE-2025-30161
OpenEMR Stored XSS in OpenEMR Bronchitis Form
OpenEMR is a free and open source electronic health records and medical practice management application. A stored XSS vulnerability in the Bronchitis form component of OpenEMR allows anyone who is able to edit a bronchitis form to steal credentials from administrators. This vulnerability is fixed in 7.0.3.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Produtos afetados
openemr · openemrQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://github.com/openemr/openemr/blob/17ca5539bafcdc25a9042ebc14480552e07867e4/interface/forms/bronchitis/view.php#L102-L103https://github.com/openemr/openemr/blob/17ca5539bafcdc25a9042ebc14480552e07867e4/interface/forms/bronchitis/view.php#L303-L304https://github.com/openemr/openemr/security/advisories/GHSA-59rv-645x-rg6p