OpenEMR 4.1.1 (site param) Remote XSS Vulnerability

2013.02.21

Credit: Gjoko 'LiquidWorm' Krstic

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

OpenEMR 4.1.1 (site param) Remote XSS Vulnerability

Vendor: OpenEMR
Product web page: http://www.open-emr.org
Affected version: 4.1.1

Summary: OpenEMR is a Free and Open Source electronic health records and medical
practice management application that can run on Windows, Linux, Mac OS X, and many
other platforms.

Desc: OpenEMR suffers from a XSS issue due to a failure to properly sanitize user-supplied
input to the 'site' GET parameter in the central 'globals.php' script which is called by
every script. Attackers can exploit this weakness to execute arbitrary HTML and script
code in a user's browser session.

Tested on: Microsoft Windows 7 Ultimate SP1 (EN)
           Apache 2.4.2 (Win32)
           PHP 5.4.4
           MySQL 5.5.25a

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience

Advisory ID: ZSL-2013-5129
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5129.php

Vendor: http://www.open-emr.org/wiki/index.php/OpenEMR_Patches

09.02.2013

--

http://localhost/openemr/[DIR]/[SCRIPT]?site="><script>alert(1);</script>

References:

http://www.open-emr.org/wiki/index.php/OpenEMR_Patches

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5129.php

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

OpenEMR 4.1.1 (site param) Remote XSS Vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.