CVE-2021-25917

Published: Mar 22, 2021

Modified: Apr 30, 2025

PUBLISHED

Description

In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.

Vendor	Product	Versions
n/a	openemr	affected `5.0.2, 5.0.2.1, 5.0.2.2, 5.0.2.3, 5.0.2.4, 6.0.0`

References

https://github.com/openemr/openemr/commit/0fadc3e592d84bc9dfe9e0403f8bd6e3c7d8427f

x_refsource_MISC

https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25917

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-25917

Description

Affected Products

References