CVE-2018-1000218: XSS
First published: Mon Aug 20 2018(Updated: )
OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'file' parameter in line #43 of interface/fax/fax_view.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.. This attack appear to be exploitable via The victim must visit on a specially crafted URL..
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenEMR | =5.0.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-1000218?
CVE-2018-1000218 has a medium severity rating due to its potential for exploitation via Cross Site Scripting (XSS).
How do I fix CVE-2018-1000218?
To fix CVE-2018-1000218, upgrade to a version of OpenEMR that has addressed this XSS vulnerability since version 5.0.1.4.
What is the nature of the vulnerability in CVE-2018-1000218?
CVE-2018-1000218 is a Cross Site Scripting (XSS) vulnerability that allows an attacker to inject arbitrary web scripts or HTML.
Who is affected by CVE-2018-1000218?
CVE-2018-1000218 affects users of OpenEMR version 5.0.1.4.
Is CVE-2018-1000218 easy to exploit?
Yes, CVE-2018-1000218 appears to be exploitable by remote authenticated attackers.
- agent/type
- agent/references
- agent/softwarecombine
- agent/severity
- agent/author
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/open-emr
- canonical/openemr
- version/openemr/5.0.1.4