OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). There is insufficient validation for this parameter, which allows for the possibility of cross-site scripting.
References
Link | Resource |
---|---|
https://www.tenable.com/security/research/tra-2020-18 | Exploit Third Party Advisory |
Configurations
Information
Published : 2020-04-17 12:15
Updated : 2021-07-21 04:39
NVD link : CVE-2020-5728
Mitre link : CVE-2020-5728
JSON object : View
CWE
Products Affected
openmrs
- openmrs