CVE-2019-3964

Summary

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.

Affected Software

VendorProductVersion RangeStatus
n/aOpenEMR5.0.1 and earlieraffected

Weaknesses

  • Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References