Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

411 University St, Seattle, USA

[email protected]

+1 -800-456-478-23

Twitter Facebook-f Pinterest-p Instagram
CVE

CVE-2022-4733 – OpenEmr

Stored XSS

Openemr has a feature to customize the “User Manual Link Override” , due to a bad sanitization it allows to put javascript:// scheme which allows to execute javascript code.

POC – Proof of concept

  • login with admin
  • go on Global Settings – Branding
  • Edit User Manual Link Override Field
  • insert the payload
  • logout with admin
  • login as any user and go on “About OpenEMR”
  • Click User Manual Button
PAYLOAD: javascript:alert(document.cookie)

Impact

If an attacker can control a script that is executed in the victim’s browser, then they can typically fully compromise that user. The attacker can carry out any of the actions that are applicable to the impact of reflected XSS vulnerabilities.

Severity

https://cvss.js.org/#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

Reference

https://huntr.dev/bounties/f353adfb-e5b8-43e7-957a-894670fd4ccd/

https://nvd.nist.gov/vuln/detail/CVE-2022-4733

https://huntr.dev/repos/openemr/openemr