Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2021-25921

Description

In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit.

POC

Reference

- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25921

Github

No PoCs found on GitHub currently.