Back to search
CVE-2021-40374
Published: Apr 6, 2022
Modified: Aug 4, 2024
PUBLISHED
Description
A stored cross-site scripting (XSS) vulnerability was identified in Apperta Foundation OpenEyes 3.5.1. Updating a patient's details allows remote attackers to inject arbitrary web script or HTML via the Address1 parameter. This JavaScript then executes when the patient profile is loaded, which could be used in a XSS attack.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://openeyes.apperta.org/
x_refsource_MISC
https://github.com/DCKento/CVE-2021-40374
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now