Vulnerability in Openemr
CVE-2019-3964
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
EPSS: 0.535 (98.9th percentile) — read the EPSS interpretation.
Affected products
- N/a Openemr — versions 5.0.1 and earlier
References
- www.tenable.com/security/research/tra-2019-40 (x_refsource_MISC)