CVE-2021-4289

Summary

A vulnerability classified as problematic was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. Affected by this vulnerability is the function post of the file omod/src/main/java/org/openmrs/module/referenceapplication/page/controller/UserAppPageController.java of the component User App Page. The manipulation of the argument AppId leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.12.0 is able to address this issue. The name of the patch is 0410c091d46eed3c132fe0fcafe5964182659f74. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216883.

Affected Software

VendorProductVersion RangeStatus
OpenMRSopenmrs-module-referenceapplication2.0affected
OpenMRSopenmrs-module-referenceapplication2.1affected
OpenMRSopenmrs-module-referenceapplication2.2affected
OpenMRSopenmrs-module-referenceapplication2.3affected
OpenMRSopenmrs-module-referenceapplication2.4affected
OpenMRSopenmrs-module-referenceapplication2.5affected
OpenMRSopenmrs-module-referenceapplication2.6affected
OpenMRSopenmrs-module-referenceapplication2.7affected
OpenMRSopenmrs-module-referenceapplication2.8affected
OpenMRSopenmrs-module-referenceapplication2.9affected
OpenMRSopenmrs-module-referenceapplication2.10affected
OpenMRSopenmrs-module-referenceapplication2.11affected

Weaknesses

  • CWE-79: CWE-79 Cross Site Scripting

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References