Details

• Complexity: Medium

Description

When editing forms in OpenMRS, information about the form and fields (names and descriptions) is not escaped, allowing XSS attacks.

credit: Lauren

At this URL (as of 1.9.x): /openmrs/admin/forms/formEdit.form

People

• Assignee: Sharon Varghese (sharonvarghese)
• Reporter: Burke Mamlin (burke)
• Watchers: Burke Mamlin, Chris Niesel, Daniel Kayiwa, Darius Jazayeri, Lluis Martinez, Sharon Varghese
• Votes: 0


Time Tracking

• Estimated: 4h (Original Estimate - 4 hours)
• Remaining: 2h (Remaining Estimate - 2 hours)
• Logged: 2h (Time Spent - 2 hours)