CVE-2022-4615 HIGH

CVE-2022-4615: Cross-site Scripting (XSS) - Reflected in openemr/openemr

Vendor Openemr
Product openemr/openemr
Weakness CWE-79 · XSS
Published December 19, 2022
Last update April 14, 2025
View on NVD All CVEs

CVSS base score

8.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.

Key dates

02Disclosure timeline

December 19, 2022 CVE published
April 14, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-47509 WordPress Top 10 plugin <= 4.1.0 - Cross Site Scripting (XSS) Vulnerability CVE-2020-3589 Cisco Identity Services Engine Cross-Site Scripting Vulnerability CVE-2023-49813 WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Cross Site Scripting (XSS) CVE-2024-13462 WP Wiki Tooltip <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-47373 WordPress LiteSpeed Cache plugin <= 6.5.0.2 - Cross Site Scripting (XSS) vulnerability