Skip to main content

Openmrs CVE-2020-5730

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2020-04-17 vulnreport@tenable.com
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 17, 2020 - 19:15 nvd
MEDIUM 6.1

DescriptionNVD

In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting.

AnalysisAI

In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting. Affected products include: Openmrs.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2017-12796 CRITICAL POC
9.8 Oct 23

The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.

CVE-2022-23612 HIGH POC
7.5 Feb 22

OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical rec

CVE-2014-8073 MEDIUM POC
6.8 Oct 23

Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the

CVE-2020-5733 MEDIUM POC
6.1 Apr 17

In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login pag

CVE-2020-5732 MEDIUM POC
6.1 Apr 17

In OpenMRS 2.9 and prior, he import functionality of the Data Exchange Module does not properly redirect to a login page

CVE-2020-5731 MEDIUM POC
6.1 Apr 17

In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting. Rated medi

CVE-2020-5729 MEDIUM POC
6.1 Apr 17

In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which

CVE-2020-5728 MEDIUM POC
6.1 Apr 17

OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (suc

CVE-2025-25925 MEDIUM POC
4.8 Mar 11

A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web sc

CVE-2014-8071 MEDIUM POC
4.3 Oct 23

Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject a

CVE-2014-8072 MEDIUM POC
4.0 Oct 23

The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via

Share

CVE-2020-5730 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy