Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-40374. PoCs published by DCKento.
AI-analyzed exploit summary
This repository contains a writeup detailing a stored XSS vulnerability in OpenEyes 3.5.1, where the 'Address1' parameter allows JavaScript injection. The PoC demonstrates how an attacker can embed malicious scripts to execute arbitrary JavaScript in the context of a user's browser.
Description
A stored cross-site scripting (XSS) vulnerability was identified in Apperta Foundation OpenEyes 3.5.1. Updating a patient's details allows remote attackers to inject arbitrary web script or HTML via the Address1 parameter. This JavaScript then executes when the patient profile is loaded, which could be used in an XSS attack.
Exploits (1)
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N