TROYANOSYVIRUS
Voltar para CVEs

CVE-2025-67491

MEDIUM
5.4

Descricao

OpenEMR is a free and open source electronic health records and medical practice management application. Versions 5.0.0.5 through 7.0.3.4 have a stored cross-site scripting vulnerability in the ub04 helper of the billing interface. The variable `$data` is passed in a click event handler enclosed in single quotes without proper sanitization. Thus, despite `json_encode` a malicious user can still inject a payload such as ` ac' ><img src=x onerror=alert(document.cookie)> ` to trigger the bug. This vulnerability allows low privileged users to embed malicious JS payloads on the server and perform stored XSS attack. This, in turn makes it possible for malicious users to steal the session cookies and perform unauthorized actions impersonating administrators. Version 7.0.4 patches the issue.

Detalhes CVE

Pontuacao CVSS v3.15.4
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioREQUIRED
Publicado2/25/2026
Ultima modificacao2/25/2026
Fontenvd
Avistamentos honeypot0

Produtos afetados

open-emr:openemr

Fraquezas (CWE)

CWE-79

Referencias

https://github.com/openemr/openemr/blob/a65b11d8b8e973b8758ce0dc3efb4b6ec0466d85/interface/billing/ub04_helpers.php#L52-L60(security-advisories@github.com)
https://github.com/openemr/openemr/commit/66a11c2d72ade16c4a908cd839d27cd7b261f97a(security-advisories@github.com)
https://github.com/openemr/openemr/security/advisories/GHSA-5fq8-jwvw-3m5w(security-advisories@github.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.