What the vulnerability does
01Description
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2949
HIGH
CVE-2023-2949: Cross-site Scripting (XSS) - Reflected in openemr/openemr
CVSS base score
8.3/10
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Key dates
02Disclosure timeline
May 28, 2023
CVE published
January 14, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-32557 WordPress WP Featured Screenshot Plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2020-6804 XSS in Mozilla WebThings Gateway
CVE-2022-0375 Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
CVE-2021-36866 WordPress Easy Pricing Tables plugin <= 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
CVE-2018-0407
