CVE-2013-4620
OpenEMR 4.1.1 - Cross-Site Scripting via Office Comments Note Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2013-4620. PoCs published by Nate Drier.
AI-analyzed exploit summary
This exploit demonstrates an HTML injection vulnerability in OpenEMR 4.1.1 patch-12 and prior. The 'note' parameter in a POST request to '/openemr-4.1.1/interface/main/onotes/office_comments_full.php' is vulnerable, allowing attacker-supplied HTML and script code to execute in the context of the affected browser.
Description
Cross-site scripting (XSS) vulnerability in interface/main/onotes/office_comments_full.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter.