CVE-2024-0875

HIGH Year: 2024
CVSS v3 Score
8.1
High
Weakness Type
CWE-79
View all →

Vulnerability Description

A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1.

Related Vulnerabilities

CVE-2017-8899

HIGH
CVSS:8.1(High)

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by...

CWE-792017

CVE-2019-10905

HIGH
CVSS:8.1(High)

Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script (already running on the affected page) executes the c...

CWE-792019

CVE-2019-11215

HIGH
CVSS:8.1(High)

In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many con...

CWE-792019

CVE-2019-17337

HIGH
CVSS:8.1(High)

The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker t...

CWE-792019

CVE-2019-19821

HIGH
CVSS:8.1(High)

A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not ...

CWE-792019

CVE-2020-15273

HIGH
CVSS:8.1(High)

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registrat...

CWE-792020