OpenEMR 4.1.1 (site param) Remote XSS Vulnerability


Vendor: OpenEMR
Product web page: http://www.open-emr.org
Affected version: 4.1.1

Summary: OpenEMR is a Free and Open Source electronic health records and medical
practice management application that can run on Windows, Linux, Mac OS X, and many
other platforms.

Desc: OpenEMR suffers from a XSS issue due to a failure to properly sanitize user-supplied
input to the 'site' GET parameter in the central 'globals.php' script which is called by
every script. Attackers can exploit this weakness to execute arbitrary HTML and script
code in a user's browser session.


Tested on: Microsoft Windows 7 Ultimate SP1 (EN)
           Apache 2.4.2 (Win32)
           PHP 5.4.4
           MySQL 5.5.25a


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2013-5129
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5129.php

Vendor: http://www.open-emr.org/wiki/index.php/OpenEMR_Patches


09.02.2013

--


http://localhost/openemr/[DIR]/[SCRIPT]?site="><script>alert(1);</script>