Headline
CVE-2022-4615: Cross Site Scripting (reflected) on fee_sheet_ajax.php in openemr
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
Description
When testing the application for XSS, we found that the fee_sheet_ajax.php endpoint is vulnerable to reflected XSS via the prev_encounter parameter.
PoC
- visit https://<openemr-instance>/interface/forms/fee_sheet/review/fee_sheet_ajax.php?task=retrieve&mode=encounters&prev_encounter=%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E
OWASP Category
A03:2021-Injection
Remediation
Escape the reflected value with text() at https://github.com/openemr/openemr/blob/master/interface/forms/fee_sheet/review/fee_sheet_ajax.php#L65
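The snippet below is an added illustration, not OpenEMR's own code: it reconstructs the defect class this report describes (a request parameter echoed into HTML unescaped) beside the recommended text() fix. The <td> markup, the variable name and the stand-in body of text() are assumptions.

```php
<?php
// Added example for this report; not OpenEMR's actual fee_sheet_ajax.php code.
// The <td> wrapper, variable name and stand-in text() body are assumptions.

// Stand-in for OpenEMR's text() escaper: HTML-escape a string for element content.
function text(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable rendering: the raw parameter is concatenated into the response,
// so the browser parses the injected <img> and runs its onerror handler.
function render_unescaped(string $value): string
{
    return '<td>' . $value . '</td>';
}

// Fixed rendering: text() turns < > " ' & into entities, so the browser shows
// the payload as literal text instead of treating it as markup.
function render_escaped(string $value): string
{
    return '<td>' . text($value) . '</td>';
}

function check(bool $ok, string $what): void
{
    if (!$ok) {
        fwrite(STDERR, "FAILED: $what\n");
        exit(1);
    }
}

// Constructed input: the PoC payload as the server sees it after URL decoding.
$prev_encounter = '<img src=a onerror=alert(document.cookie)>';

$before = render_unescaped($prev_encounter);
$after  = render_escaped($prev_encounter);

echo "Unescaped: $before\n";
echo "Escaped:   $after\n";

// Self-check: no raw tag survives escaping, the escaped form is what we expect,
// and decoding the escaped output round-trips to the original (no data loss).
check(strpos($after, '<img') === false, 'raw <img> must not survive escaping');
check($after === '<td>&lt;img src=a onerror=alert(document.cookie)&gt;</td>', 'expected entity-encoded output');
check(html_entity_decode(text($prev_encounter), ENT_QUOTES, 'UTF-8') === $prev_encounter, 'escaping must be lossless');
echo "self-check passed\n";
```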
Impact
The impact of an exploited XSS vulnerability varies widely, ranging from session hijacking to disclosure of sensitive data, CSRF attacks and more. By exploiting a cross-site scripting vulnerability, an attacker can impersonate the victim and take over the account. If the victim has administrative rights, it might even lead to code execution on the server, depending on the application and the privileges of the account.
Occurrences