OpenEMR Stored Cross-Site Scripting Vulnerability in Billing UB04 Helper

Vulnerability

A stored cross-site scripting vulnerability has been identified in OpenEMR versions from 5.0.0.5 up to, but not including, 7.0.4, within the UB04 helper of the billing interface. The issue arises because the variable `$data` is passed to a click event handler without proper sanitization, allowing malicious users to inject JavaScript payloads. This vulnerability enables low-privileged users to store scripts on the server that later execute in other users' browsers, potentially leading to the theft of session cookies and unauthorized actions as an administrator.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the browser session of the user who opens the affected page.

Reproduction

To reproduce this vulnerability, a user must have the 'authorized' property set to 1. They can then inject a payload into the 'fname' or 'lname' fields of their account. Once the payload is saved, accessing the UB04 helper in the billing interface will trigger the execution of the injected script.

Remediation

Users can update to OpenEMR version 7.0.4 or later, where this vulnerability has been patched.
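
The class of bug described above (a stored value reaching a click event handler unescaped) comes down to output encoding for two nested contexts: a JavaScript string inside an HTML attribute. The PHP below is an added illustration, not OpenEMR source code and not the upstream patch; the function names, the `pickProvider()` handler and the sample record are hypothetical.

```php
<?php
// Added illustration: not OpenEMR source and not the upstream patch.
// render_button_*(), pickProvider() and the sample record are hypothetical.

/** Unsafe pattern: a stored value concatenated straight into a click handler. */
function render_button_unsafe(array $data): string
{
    $name = $data['fname'] . ' ' . $data['lname'];
    return "<button onclick=\"pickProvider('" . $name . "')\">Select</button>";
}

/**
 * Hardened pattern: encode for both contexts the value passes through.
 * 1. json_encode() builds a JavaScript string literal; the JSON_HEX_* flags
 *    turn <, >, &, ' and " inside it into \uXXXX escapes.
 * 2. htmlspecialchars() makes the whole call safe inside the HTML attribute,
 *    because the browser HTML-decodes the attribute before running it as JS.
 */
function render_button_safe(array $data): string
{
    $name = $data['fname'] . ' ' . $data['lname'];
    $literal = json_encode(
        $name,
        JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_INVALID_UTF8_SUBSTITUTE
    );
    $call = htmlspecialchars("pickProvider($literal)", ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<button onclick="' . $call . '">Select</button>';
}

/** Return the onclick attribute value as an HTML parser would delimit it. */
function onclick_value(string $html): string
{
    preg_match('/onclick="([^"]*)"/', $html, $m);
    return $m[1] ?? '';
}

// Constructed sample: a name holding the characters that matter in these contexts.
$sample = ['fname' => "Ann'e \"<b>", 'lname' => 'O&Neil'];
$name   = $sample['fname'] . ' ' . $sample['lname'];

// Unsafe: the stored double quote ends the attribute early, so the markup
// no longer has the structure the developer wrote.
var_dump(onclick_value(render_button_unsafe($sample)));

// Safe: the attribute stays intact and decodes back to one JS string argument.
$attr = onclick_value(render_button_safe($sample));
$js   = html_entity_decode($attr, ENT_QUOTES, 'UTF-8');
var_dump($attr, json_decode(substr($js, strlen('pickProvider('), -1)) === $name);
```

When reviewing a code base for the same pattern, search templates for event-handler attributes (`onclick=`, `onchange=` and similar) whose value is built from a PHP variable, and check that both encoding steps are applied in this order.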

Added: Feb 25, 2026, 1:21 AM
Updated: Feb 25, 2026, 2:25 AM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 5.4
exploitability: 5.6
remediation: 7.7
relevance: 3.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.