CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.

**Description**

openemr / openemr is vulnerable to Cross-site Scripting (XSS) - Stored

**Proof of Concept**

    // Poc 
    <script>alert(document.cookie)</script>
    

steps to reproduce:

    1) login open emr patient portal https://demo.openemr.io/openemr/portal/index.php
    
    2) goto my profile in https://demo.openemr.io/openemr/portal/home.php
    
    ​3)click on pending review.
    
    4)add the payload in the first name /middle name  (<script>alert(document.cookie)</script>)
    
    5) click  submit changes
    
    6) after that we get an with Error: Patient was successfully updated
    
    7) on clicking  pending review  the xss wil be triggered
    

**Impact**

This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie.

Headline

CVE-2022-2494: Cross-site Scripting (XSS) - Stored in openemr

CVE: Latest News