Vulnerability Details CVE-2019-16862
Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.063
EPSS Ranking 90.5%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2019-16862
-
cpe:2.3:a:open-emr:openemr:5.0.0
-
cpe:2.3:a:open-emr:openemr:5.0.0.5
-
cpe:2.3:a:open-emr:openemr:5.0.0.6
-
cpe:2.3:a:open-emr:openemr:5.0.1
-
cpe:2.3:a:open-emr:openemr:5.0.1-6
-
cpe:2.3:a:open-emr:openemr:5.0.1.1
-
cpe:2.3:a:open-emr:openemr:5.0.1.2
-
cpe:2.3:a:open-emr:openemr:5.0.1.3
-
cpe:2.3:a:open-emr:openemr:5.0.1.4
-
cpe:2.3:a:open-emr:openemr:5.0.1.5
-
cpe:2.3:a:open-emr:openemr:5.0.1.6
-
cpe:2.3:a:open-emr:openemr:5.0.1.7
-
cpe:2.3:a:open-emr:openemr:5.0.2