OpenMRS Multiple Security Vulnerabilities

OpenMRS is prone to the following vulnerabilities:

1. Multiple HTML-injection vulnerabilities.
2. Multiple cross-site scripting vulnerabilities.
3. A cross-site request-forgery vulnerability.
4. An access-bypass vulnerability.

Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, obtain sensitive information, execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and perform actions in the vulnerable application in the context of the victim.

OpenMRS 2.1 is vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus