PatchSiren

OpenEMR CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM OpenEMR CVE published 2017-03-02

CVE-2017-6394

CVE-2017-6394 describes multiple cross-site scripting issues in OpenEMR tied to insufficient filtering of user-supplied data in the gacl admin object_search.php endpoint. The vulnerability is reported against OpenEMR 5.0.0 and 5.0.1-dev, and the NVD record gives it a CVSS 3.1 score of 6.1 (Medium). Because the attack requires only a crafted request and user interaction, organizations should treat any exposed [truncated]