{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2018-04-30T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) patient parameter to interface/main/finder/finder_navigation.php; (2) key parameter to interface/billing/get_claim_file.php; (3) formid or (4) formseq parameter to interface/orders/types.php; (5) eraname, (6) paydate, (7) post_to_date, (8) deposit_date, (9) debug, or (10) InsId parameter to interface/billing/sl_eob_process.php; (11) form_source, (12) form_paydate, (13) form_deposit_date, (14) form_amount, (15) form_name, (16) form_pid, (17) form_encounter, (18) form_date, or (19) form_to_date parameter to interface/billing/sl_eob_search.php; (20) codetype or (21) search_term parameter to interface/de_identification_forms/find_code_popup.php; (22) search_term parameter to interface/de_identification_forms/find_drug_popup.php; (23) search_term parameter to interface/de_identification_forms/find_immunization_popup.php; (24) id parameter to interface/forms/CAMOS/view.php; (25) id parameter to interface/forms/reviewofs/view.php; or (26) list_id parameter to library/custom_template/personalize.php."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-06-13T16:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"https://github.com/openemr/openemr/commit/699e3c2ef68545357cac714505df1419b8bf2051"},{"tags":["x_refsource_MISC"],"url":"https://github.com/openemr/openemr/issues/1518"},{"tags":["x_refsource_MISC"],"url":"https://www.open-emr.org/wiki/index.php/Release_Features#Version_5.0.1"},{"tags":["x_refsource_MISC"],"url":"https://github.com/openemr/openemr/pull/1519"},{"tags":["x_refsource_MISC"],"url":"https://csticsfrontline.wordpress.com/2018/05/24/openemr-%E5%BC%B1%E9%BB%9E%E5%88%86%E6%9E%90/"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2018-10571","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) patient parameter to interface/main/finder/finder_navigation.php; (2) key parameter to interface/billing/get_claim_file.php; (3) formid or (4) formseq parameter to interface/orders/types.php; (5) eraname, (6) paydate, (7) post_to_date, (8) deposit_date, (9) debug, or (10) InsId parameter to interface/billing/sl_eob_process.php; (11) form_source, (12) form_paydate, (13) form_deposit_date, (14) form_amount, (15) form_name, (16) form_pid, (17) form_encounter, (18) form_date, or (19) form_to_date parameter to interface/billing/sl_eob_search.php; (20) codetype or (21) search_term parameter to interface/de_identification_forms/find_code_popup.php; (22) search_term parameter to interface/de_identification_forms/find_drug_popup.php; (23) search_term parameter to interface/de_identification_forms/find_immunization_popup.php; (24) id parameter to interface/forms/CAMOS/view.php; (25) id parameter to interface/forms/reviewofs/view.php; or (26) list_id parameter to library/custom_template/personalize.php."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://github.com/openemr/openemr/commit/699e3c2ef68545357cac714505df1419b8bf2051","refsource":"MISC","url":"https://github.com/openemr/openemr/commit/699e3c2ef68545357cac714505df1419b8bf2051"},{"name":"https://github.com/openemr/openemr/issues/1518","refsource":"MISC","url":"https://github.com/openemr/openemr/issues/1518"},{"name":"https://www.open-emr.org/wiki/index.php/Release_Features#Version_5.0.1","refsource":"MISC","url":"https://www.open-emr.org/wiki/index.php/Release_Features#Version_5.0.1"},{"name":"https://github.com/openemr/openemr/pull/1519","refsource":"MISC","url":"https://github.com/openemr/openemr/pull/1519"},{"name":"https://csticsfrontline.wordpress.com/2018/05/24/openemr-%E5%BC%B1%E9%BB%9E%E5%88%86%E6%9E%90/","refsource":"MISC","url":"https://csticsfrontline.wordpress.com/2018/05/24/openemr-%E5%BC%B1%E9%BB%9E%E5%88%86%E6%9E%90/"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T07:39:08.019Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/openemr/openemr/commit/699e3c2ef68545357cac714505df1419b8bf2051"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/openemr/openemr/issues/1518"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.open-emr.org/wiki/index.php/Release_Features#Version_5.0.1"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/openemr/openemr/pull/1519"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://csticsfrontline.wordpress.com/2018/05/24/openemr-%E5%BC%B1%E9%BB%9E%E5%88%86%E6%9E%90/"}]}]},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2018-10571","datePublished":"2018-04-30T17:00:00.000Z","dateReserved":"2018-04-30T00:00:00.000Z","dateUpdated":"2024-08-05T07:39:08.019Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}