CVE-2025-30149

MEDIUM Year: 2025
CVSS v3 Score
4.6
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

OpenEMR is a free and open source electronic health records and medical practice management application. OpenEMR allows reflected cross-site scripting (XSS) in the AJAX Script interface\super\layout_listitems_ajax.php via the target parameter. This vulnerability is fixed in 7.0.3.

Related Vulnerabilities

CVE-2015-9426

MEDIUM
CVSS:4.6(Medium)

The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter.

CWE-792015

CVE-2018-8815

MEDIUM
CVSS:4.6(Medium)

Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image.

CWE-792018

CVE-2019-16295

MEDIUM
CVSS:4.6(Medium)

Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local attacker who supplies a crafted filename w...

CWE-792019

CVE-2019-3889

MEDIUM
CVSS:4.6(Medium)

A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11....

CWE-792019

CVE-2020-4691

MEDIUM
CVSS:4.6(Medium)

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential...

CWE-792020

CVE-2020-7301

MEDIUM
CVSS:4.6(Medium)

Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case managemen...

CWE-792020