CVE-2020-14492 MEDIUM

CVE-2020-14492: OpenClinic GA

Vendor Open Source

Product OpenClinic GA

Weakness CWE-79 · XSS

Published July 29, 2020

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-controllable input, which may allow the execution of malicious code within the user’s browser.

Key dates

02Disclosure timeline

July 29, 2020 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-14492 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-8360 LA-Studio Element Kit for Elementor <= 1.5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets CVE-2025-9169 SolidInvoice Quote quotes cross site scripting CVE-2024-5897 SourceCodester Employee and Visitor Gate Pass Logging System cross site scripting CVE-2022-22352 IBM Sterling B2B Integrator Standard Edition cross-site scripting CVE-2025-32530 WordPress Wallet System for WooCommerce plugin <= 2.6.8 - Reflected Cross Site Scripting (XSS) vulnerability

Identifiers

CVE CVE-2020-14492

CWE CWE-79

CVSS 5.4 / MEDIUM

Affected versions

Vendor Open Source

Product OpenClinic GA

Affected 5.09.02

Vendor Open Source

Product OpenClinic GA

Affected 5.89.05b