CVE-2017-7990

HIGH

OpenMRS Reporting Module 1.12.0 - Cross-Site Request Forgery with Stored Cross-Site Scripting via Report Name Field

Title source: llm
STIX 2.1

Description

The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp.

Scores

CVSS v3 8.8
EPSS 0.0111
EPSS Percentile 62.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
openmrs/openmrs_module_reporting 1.12.0
Published Apr 21, 2017
Tracked Since Feb 18, 2026