Cross Site Scripting (reflected) on fee_sheet_ajax.php in openemr/openemr
Aug 18th 2022
While testing the application for XSS we found that the fee_sheet_ajax.php endpoint reflects the prev_encounter request parameter into its response without escaping, making it vulnerable to reflected XSS.
- visit https://<openemr-instance>/interface/forms/fee_sheet/review/fee_sheet_ajax.php?task=retrieve&mode=encounters&prev_encounter=%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E
Suggested fix: wrap the reflected value at https://github.com/openemr/openemr/blob/master/interface/forms/fee_sheet/review/fee_sheet_ajax.php#L65 in text() so it is HTML-escaped before being echoed.
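To illustrate the proposed fix, the following constructed PHP fragment (added here; it is not the contents of fee_sheet_ajax.php nor OpenEMR's own code) renders the reflected parameter once unescaped and once through text(). The text() stand-in, the render functions and the sample request value are assumptions that mirror the pattern the report describes.

```php
<?php
// Constructed illustration of the reflected-parameter pattern; not the
// actual line from fee_sheet_ajax.php. The text() below is an assumed
// minimal stand-in that mirrors OpenEMR's htmlspecialchars-based helper.

// Stand-in for OpenEMR's text(): escapes <, > and & for HTML element content.
function text(string $value): string
{
    return htmlspecialchars($value, ENT_NOQUOTES, 'UTF-8');
}

// Vulnerable pattern: request input is echoed straight into the HTML response.
function render_unescaped(array $get): string
{
    $prev = $get['prev_encounter'] ?? '';
    return '<td>' . $prev . '</td>';
}

// Hardened form: the same output with the value passed through text() first.
function render_escaped(array $get): string
{
    $prev = $get['prev_encounter'] ?? '';
    return '<td>' . text($prev) . '</td>';
}

// Constructed request mirroring the decoded proof-of-concept value.
$request = ['prev_encounter' => '<img src=a onerror=alert(document.cookie)>'];

echo render_unescaped($request) . PHP_EOL; // markup from the input survives
echo render_escaped($request) . PHP_EOL;   // angle brackets become entities

// Regression check a reviewer of the fix would want: no raw tag may survive.
var_dump(strpos(render_escaped($request), '<img') === false);
```

text() is intended for element content; a value placed inside an attribute or a JavaScript block needs the escaper for that context instead.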
The impact of an exploited XSS vulnerability varies widely: it ranges from session hijacking to the disclosure of sensitive data, CSRF attacks and more. By exploiting a cross-site scripting vulnerability an attacker can impersonate the victim and take over the account. If the victim has administrative rights it may even lead to code execution on the server, depending on the application and the privileges of the account.