Details
-
Bug
-
Status: Closed
-
Could
-
Resolution: Fixed
-
OpenMRS 1.9.3
-
None
Description
When editing forms in OpenMRS, information about the form and fields (names and descriptions) are not escaped, allowing XSS attacks.
credit: Lauren
At this URL (as of 1.9.x): /openmrs/admin/forms/formEdit.form