OpenEMR Unescaped Translation Function Vulnerability Leading to Cross-Site Scripting

Vulnerability

A vulnerability in OpenEMR prior to version 8.0.0 allows for cross-site scripting (XSS) due to the `xl()` translation function returning unescaped strings. Although there are wrapper functions for escaping in various contexts, certain areas in the codebase use `xl()` output directly without proper escaping. This issue could be exploited if an attacker inserts malicious content into the translation database.

Impact

Exploitation of this vulnerability could result in cross-site scripting, allowing an attacker to inject malicious scripts that are executed in the context of the user's browser.

Reproduction

The vulnerability can be reproduced by using the `xl()` function in a context that does not escape the output, such as in the Smarty `{xl}` plugin, XML generation in `AclExtended.php`, or various controllers and templates. This unescaped output can then be exploited if malicious content has been injected into the translation database.
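As an added illustration (not OpenEMR's own code, and not the change that fixed this issue), the following self-contained PHP script contrasts a translation lookup that returns its stored string verbatim, which is how the advisory describes `xl()`, with context-specific escaping applied at the point of output. `xl_stub`, `xl_text`, `xl_attr`, `xl_js`, `find_html_in_translations` and the `$translations` array are hypothetical names and constructed data standing in for the translation database.

```php
<?php
declare(strict_types=1);

// Constructed sample of translation rows, standing in for the translation
// database the advisory refers to. The second value simulates a poisoned row.
$translations = [
    'Patient Name' => 'Nom du patient',
    'Save'         => "Enregistrer<script>alert('xss')</script>",
];

// Hypothetical stand-in for an xl()-style lookup: returns the stored string
// verbatim, which is the behaviour the advisory identifies as the root cause.
function xl_stub(string $key): string
{
    global $translations;
    return $translations[$key] ?? $key;
}

// Hypothetical context-aware wrappers: escape at the point of output, using
// the grammar of the context the string is emitted into.
function xl_text(string $key): string   // HTML text node
{
    return htmlspecialchars(xl_stub($key), ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function xl_attr(string $key): string   // quoted HTML attribute value
{
    return htmlspecialchars(xl_stub($key), ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function xl_js(string $key): string     // JavaScript string literal, quotes included
{
    return json_encode(
        xl_stub($key),
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
}

// Vulnerable pattern: the raw translation is concatenated into markup, so the
// injected <script> element reaches the browser intact.
$vulnerable = '<button title="' . xl_stub('Save') . '">' . xl_stub('Save') . '</button>';

// Hardened pattern: each occurrence is escaped for its own context.
$hardened = '<button title="' . xl_attr('Save') . '">' . xl_text('Save') . '</button>';
$script   = '<script>var label = ' . xl_js('Save') . ';</script>';

// Coarse triage check an administrator can run over the translation table:
// flag rows containing angle brackets, which legitimate translations rarely
// need. Quotes and ampersands are deliberately not matched, since they occur
// in ordinary text and would produce false positives.
function find_html_in_translations(array $rows): array
{
    $flagged = [];
    foreach ($rows as $key => $value) {
        if (preg_match('/[<>]/', $value) === 1) {
            $flagged[] = $key;
        }
    }
    return $flagged;
}

echo "Vulnerable: $vulnerable\n";
echo "Hardened:   $hardened\n";
echo "JS literal: $script\n";
echo "Flagged translation keys: " . implode(', ', find_html_in_translations($translations)) . "\n";
```

Run with `php example.php`. The vulnerable line emits the `<script>` element unchanged, while the hardened line renders it as `&lt;script&gt;...&lt;/script&gt;` and the JavaScript literal carries the tag as `\u003Cscript\u003E`, so the same stored string is inert in each context. The key point the advisory makes is that escaping must be chosen by the output context (text, attribute, JavaScript, XML), so a translation function that returns raw strings is only safe when every call site wraps it; the triage function gives defenders a quick way to spot suspicious rows in the translation table while an upgrade is scheduled.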

Remediation

Users can update to OpenEMR version 8.0.0 or later, where this vulnerability has been fixed.

Added: Feb 25, 2026, 2:23 AM
Updated: Feb 25, 2026, 2:23 AM

Vulnerability Rating

Custom Algorithm

Metric          Score
spread            4.5
impact            1.7
exploitability    4.6
remediation       7.7
relevance         3.2
threat            4.8
urgency           2.9
incentive         0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.