oss-sec mailing list archives

CVE Request: Reflected XSS in OpenMRS Login Page

From: David Dworken <david () daviddworken com>
Date: Mon, 21 Dec 2015 22:06:56 -0500

Hello,

OpenMRS has a reflected XSS vulnerability in the login page that is
exploitable through injection into the referer header.

Patch:
https://github.com/ddworken/openmrs-module-referenceapplication/commit/65fefcb8dfbd069ca611ab3f17084fd8dc92a048

Thanks,
David Dworken

Current thread:

CVE Request: Reflected XSS in OpenMRS Login Page David Dworken (Dec 21)