OpenEMR
cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*
- < 7.0.3
A reflected cross-site scripting vulnerability has been identified in OpenEMR versions prior to 7.0.3. The issue arises in the CAMOS 'new.php' file, where the POST parameter 'hidden_subcategory' is output to the page without proper sanitization. This flaw allows attackers to inject malicious scripts that are executed in the context of the user's browser.
Successful exploitation lets an attacker run scripts in the victim's browser, potentially leading to session hijacking or unauthorized access to sensitive information.
To reproduce this vulnerability, send a POST request to 'new.php' in the CAMOS forms directory with the 'hidden_subcategory' parameter set to a crafted value, such as an image tag (with an invalid image source) using an 'onerror' attribute. The injected script will be executed when the response is rendered in the browser.
Users can upgrade to OpenEMR version 7.0.3 or later to address this vulnerability.
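The flaw class described above, as an added illustration that is not OpenEMR's code or the project's actual patch: a POST value written into HTML unmodified, next to the same output with encoding applied at the point of output. The function names and the surrounding `<span>` markup are assumptions, since the advisory does not show the output context in 'new.php'.

```php
<?php
declare(strict_types=1);

// Added illustration; not taken from OpenEMR. Function names and the
// <span> wrapper are hypothetical.

// Vulnerable pattern: request data concatenated into the page as-is,
// so any markup in the parameter becomes part of the document.
function render_subcategory_unsafe(array $post): string
{
    $value = $post['hidden_subcategory'] ?? '';
    return '<span id="subcategory">' . $value . '</span>';
}

// Hardened pattern: treat the parameter as text and HTML-encode it
// when writing it out.
function render_subcategory_safe(array $post): string
{
    $value = $post['hidden_subcategory'] ?? '';

    // A request can send hidden_subcategory[]=..., which PHP delivers as
    // an array; refuse anything that is not a plain string.
    if (!is_string($value)) {
        $value = '';
    }

    // ENT_QUOTES also encodes ' and ", so the same call stays safe if the
    // value is later moved into a quoted attribute. ENT_SUBSTITUTE replaces
    // invalid UTF-8 sequences instead of returning an empty string.
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<span id="subcategory">' . $encoded . '</span>';
}

// Constructed sample input of the kind the advisory describes:
// an image tag with an invalid source and an onerror attribute.
$post = ['hidden_subcategory' => '<img src=x onerror=alert(1)>'];

// The unsafe output contains a live <img> element; the safe output
// contains only inert, encoded text.
echo render_subcategory_unsafe($post), PHP_EOL;
echo render_subcategory_safe($post), PHP_EOL;
```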