Vulnerability Details : CVE-2021-4284
A vulnerability classified as problematic has been found in OpenMRS HTML Form Entry UI Framework Integration Module up to 1.x. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is 811990972ea07649ae33c4b56c61c3b520895f07. It is recommended to upgrade the affected component. The identifier VDB-216873 was assigned to this vulnerability.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2021-4284
- cpe:2.3:a:openmrs:htmlformentryui:*:*:*:*:*:openmrs:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-4284
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 47 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-4284
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5
|
LOW | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N |
2.1
|
1.4
|
VulDB | |
3.5
|
LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N |
2.1
|
1.4
|
VulDB | 2024-02-29 |
6.1
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
2.8
|
2.7
|
NIST |
CWE ids for CVE-2021-4284
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: cna@vuldb.com (Primary)
References for CVE-2021-4284
-
https://vuldb.com/?ctiid.216873
CVE-2021-4284 | OpenMRS HTML Form Entry UI Framework Integration Module cross site scripting (ID 51)Third Party Advisory
-
https://vuldb.com/?id.216873
CVE-2021-4284 | OpenMRS HTML Form Entry UI Framework Integration Module cross site scripting (ID 51)Third Party Advisory
-
https://github.com/openmrs/openmrs-module-htmlformentryui/releases/tag/2.0.0
Release 2.0.0 · openmrs/openmrs-module-htmlformentryui · GitHubRelease Notes;Third Party Advisory
-
https://issues.openmrs.org/browse/RA-1424?filter=-1
Log in - OpenMRS IssuesIssue Tracking;Permissions Required;Vendor Advisory
-
https://github.com/openmrs/openmrs-module-htmlformentryui/pull/51
Ra 1424: escapeJs is vulnerable to XSS attacks by jnsereko · Pull Request #51 · openmrs/openmrs-module-htmlformentryui · GitHubPatch;Third Party Advisory
-
https://github.com/openmrs/openmrs-module-htmlformentryui/commit/811990972ea07649ae33c4b56c61c3b520895f07
Ra 1424: escapeJs is vulnerable to XSS attacks (#51) · openmrs/openmrs-module-htmlformentryui@8119909 · GitHubPatch;Third Party Advisory
Jump to