virus logo Intrusion Prevention

OpenEMR.eye_mag_functions.php.Reflected.XSS

description-logoDescription

This indicates an attack attempt to exploit a Cross-Site Scripting Error Vulnerability in OpenEMR.
This vulnerability is due to improper input validation for the eye_mag_functions.php endpoint. A remote, authenticated attacker could exploit this vulnerability by issuing malicious requests on user's behalf. Successfully exploiting this vulnerability could result in unauthenticated, arbitrary code execution in the context of the victim's browser.

affected-products-logoAffected Products

OpenEMR prior to 7.0.0.

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.open-emr.org/wiki/index.php/OpenEMR_Patches#7.0.0_Patch_.2811.2F30.2F22.29

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2023-02-22 22.500 Default_action:pass:drop
2023-02-07 22.490
ID 52606
Created Feb 06, 2023
Updated Aug 02, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Default Action drop
Active
Affected OS Windows, Linux, BSD, Solaris, MacOS
Affected App PHP_app