Reflected XSS in interface/forms/eye_mag/js/eye_base.php in openemr/openemr
Mar 30th 2023
There exists a reflected XSS in /interface/forms/eye_mag/js/eye_base.php in the 'providerID' parameter.
Proof of Concept
Properly sanitize the providerID parameter.
An XSS can be leveraged to take over arbitrary accounts or perform actions on behalf of other users.
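One way to apply the sanitization recommended above, as an added example that is not OpenEMR's code or its actual fix. It assumes providerID is a numeric user id that a PHP-generated JavaScript response writes into its output; the helper names provider_id_from_request and js_literal are hypothetical.

```php
<?php
// Added example, not OpenEMR code. Assumption: providerID is a numeric user
// id that a PHP script emitting JavaScript writes into its response.

// Serve the response as script, never as HTML, and forbid MIME sniffing.
header('Content-Type: application/javascript; charset=utf-8');
header('X-Content-Type-Options: nosniff');

// Allow-list validation: accept only a short run of decimal digits.
function provider_id_from_request(array $query): ?int
{
    $raw = $query['providerID'] ?? null;
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    return (int) $raw;
}

// Context-aware output encoding for JavaScript: <, >, &, ' and " become
// \uXXXX escapes, so a value cannot end the string or the script element.
function js_literal($value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed sample inputs: a legitimate id and a markup-bearing value.
$samples = [
    ['providerID' => '42'],
    ['providerID' => '7"</script><b>x</b>'],
];

foreach ($samples as $query) {
    $id = provider_id_from_request($query);
    if ($id === null) {
        // Never reflect a rejected value; record it, encoded, for review.
        error_log('rejected providerID: ' . js_literal($query['providerID']));
        echo '// providerID rejected' . PHP_EOL;
        continue;
    }
    // Encode even validated values so the output stays safe if validation changes.
    echo 'var providerID = ' . js_literal($id) . ';' . PHP_EOL;
}
```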