CVE-2020-14492

Summary

OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-controllable input, which may allow the execution of malicious code within the user’s browser.

Affected Software

VendorProductVersion RangeStatus
open sourceOpenClinic GA5.09.02affected
open sourceOpenClinic GA5.89.05baffected

Weaknesses

  • CWE-79: IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79

Workarounds

OpenClinic GA is aware of these vulnerabilities but has not provided any confirmation of their resolution. Please upgrade to the latest version to ensure you have all current fixes.

ADP Enrichment

CVE Program Container

Additional References

References