VDB-216915 · CVE-2020-36635 · ID 32

OpenMRS Appointment Scheduling Module do 1.12.x AppointmentTypeValidator.java validateFieldName cross site scripting

Podatność została odkryta w OpenMRS Appointment Scheduling Module do 1.12.x. Dotknięta jest funkcja validateFieldName w pliku api/src/main/java/org/openmrs/module/appointmentscheduling/validator/AppointmentTypeValidator.java. Poprzez manipulowanie przy użyciu nieznanych danych wejściowych można doprowadzić do wystąpienia podatności cross site scripting. Raport na temat podatności został udostępniony pod adresem github.com. Podatność ta została oznaczona identyfikatorem CVE-2020-36635. Atak może zostać zainicjowany zdalnie. Techniczne szczegóły są znane. Uważa się go za nie określono. Aktualizacja do wersji 1.13.0 eliminuje tę podatność. Aktualizacja jest dostępna pod adresem github.com. Poprawka jet dostępna pod adresem github.com. Sugeruje się, że najlepszym zabezpieczeniem jest aktualizacja do najnowszej wersji. Potencjalne zabezpieczenie zostało opublikowane przed po ujawnieniu podatności.

Pole	2022-12-27 23:56	2023-01-25 10:04	2023-01-25 10:07
vendor	OpenMRS	OpenMRS	OpenMRS
name	Appointment Scheduling Module	Appointment Scheduling Module	Appointment Scheduling Module
version	<=1.12.x	<=1.12.x	<=1.12.x
file	api/src/main/java/org/openmrs/module/appointmentscheduling/validator/AppointmentTypeValidator.java	api/src/main/java/org/openmrs/module/appointmentscheduling/validator/AppointmentTypeValidator.java	api/src/main/java/org/openmrs/module/appointmentscheduling/validator/AppointmentTypeValidator.java
function	validateFieldName	validateFieldName	validateFieldName
cwe	79 (cross site scripting)	79 (cross site scripting)	79 (cross site scripting)
risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
identifier	32	32	32
url	https://github.com/openmrs/openmrs-module-appointmentscheduling/pull/32	https://github.com/openmrs/openmrs-module-appointmentscheduling/pull/32	https://github.com/openmrs/openmrs-module-appointmentscheduling/pull/32
name	Upgrade	Upgrade	Upgrade
upgrade_version	1.13.0	1.13.0	1.13.0
upgrade_url	https://github.com/openmrs/openmrs-module-appointmentscheduling/releases/tag/1.13.0	https://github.com/openmrs/openmrs-module-appointmentscheduling/releases/tag/1.13.0	https://github.com/openmrs/openmrs-module-appointmentscheduling/releases/tag/1.13.0
patch_name	34213c3f6ea22df427573076fb62744694f601d8	34213c3f6ea22df427573076fb62744694f601d8	34213c3f6ea22df427573076fb62744694f601d8
patch_url	https://github.com/openmrs/openmrs-module-appointmentscheduling/commit/34213c3f6ea22df427573076fb62744694f601d8	https://github.com/openmrs/openmrs-module-appointmentscheduling/commit/34213c3f6ea22df427573076fb62744694f601d8	https://github.com/openmrs/openmrs-module-appointmentscheduling/commit/34213c3f6ea22df427573076fb62744694f601d8
cve	CVE-2020-36635	CVE-2020-36635	CVE-2020-36635
responsible	VulDB	VulDB	VulDB
date	1672095600 (2022-12-27)	1672095600 (2022-12-27)	1672095600 (2022-12-27)
type	Appointment Software	Appointment Software	Appointment Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	4.0	4.0	4.0
cvss2_vuldb_tempscore	3.5	3.5	3.5
cvss3_vuldb_basescore	3.5	3.5	3.5
cvss3_vuldb_tempscore	3.4	3.4	3.4
cvss3_meta_basescore	3.5	3.5	4.1
cvss3_meta_tempscore	3.4	3.4	4.1
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1672095600 (2022-12-27)	1672095600 (2022-12-27)
cve_nvd_summary		A vulnerability was found in OpenMRS Appointment Scheduling Module up to 1.12.x. It has been classified as problematic. This affects the function validateFieldName of the file api/src/main/java/org/openmrs/module/appointmentscheduling/validator/AppointmentTypeValidator.java. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.13.0 is able to address this issue. The name of the patch is 34213c3f6ea22df427573076fb62744694f601d8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216915.	A vulnerability was found in OpenMRS Appointment Scheduling Module up to 1.12.x. It has been classified as problematic. This affects the function validateFieldName of the file api/src/main/java/org/openmrs/module/appointmentscheduling/validator/AppointmentTypeValidator.java. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.13.0 is able to address this issue. The name of the patch is 34213c3f6ea22df427573076fb62744694f601d8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216915.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			L
cvss3_nvd_ui			R
cvss3_nvd_s			C
cvss3_nvd_c			L
cvss3_nvd_i			L
cvss3_nvd_a			N
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			R
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			L
cvss3_cna_a			N
cve_cna			VulDB
cvss3_nvd_basescore			5.4
cvss3_cna_basescore			3.5

◂ Poprzedni Przegląd Kolejny ▸

Do you need the next level of professionalism?

Upgrade your account now!