OpenMRS AppSched Module XSS (VDB-216741) Pre 1.17.0 NotesHandler
CVE-2022-4727 Published on December 27, 2022

OpenMRS Appointment Scheduling Module Notes AppointmentRequest.java getNotes cross site scripting
A vulnerability, which was classified as problematic, was found in OpenMRS Appointment Scheduling Module up to 1.16.x. This affects the function getNotes of the file api/src/main/java/org/openmrs/module/appointmentscheduling/AppointmentRequest.java of the component Notes Handler. The manipulation of the argument notes leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.17.0 is able to address this issue. The name of the patch is 2ccbe39c020809765de41eeb8ee4c70b5ec49cc8. It is recommended to upgrade the affected component. The identifier VDB-216741 was assigned to this vulnerability.

NVD

Vulnerability Analysis

CVE-2022-4727 can be exploited with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

LOW

Availability Impact:

NONE

Weakness Type

Improper Neutralization

The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

Products Associated with CVE-2022-4727

Want to know whenever a new CVE is published for Openmrs Appointment Scheduling Module? stack.watch will email you.

Openmrs Appointment Scheduling Module

Affected Versions

OpenMRS Appointment Scheduling Module:

Version 1.0 is affected.
Version 1.1 is affected.
Version 1.2 is affected.
Version 1.3 is affected.
Version 1.4 is affected.
Version 1.5 is affected.
Version 1.6 is affected.
Version 1.7 is affected.
Version 1.8 is affected.
Version 1.9 is affected.
Version 1.10 is affected.
Version 1.11 is affected.
Version 1.12 is affected.
Version 1.13 is affected.
Version 1.14 is affected.
Version 1.15 is affected.
Version 1.16 is affected.

Exploit Probability

EPSS

0.27%

Percentile

50.94%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.