CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-7990

The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 26.9%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

https://github.com/openmrs/openmrs-module-reporting/pull/141/commits/0023a659288538d2763835847d3414ecb18b931a#diff-50e25eddc5909110fa3d31090877c2fd
https://www.youtube.com/watch?v=pfrIaNvIuFY
https://github.com/openmrs/openmrs-module-reporting/pull/141/commits/0023a659288538d2763835847d3414ecb18b931a#diff-50e25eddc5909110fa3d31090877c2fd
https://www.youtube.com/watch?v=pfrIaNvIuFY

Products affected by CVE-2017-7990

Openmrs » Openmrs Module Reporting » Version: 1.12.0

cpe:2.3:a:openmrs:openmrs_module_reporting:1.12.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-7990

Products

Pricing

Contact Us