Vulnerability Description
eClinicalWorks Population Health (CCMR) suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter.
CVSS Score
6.1
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eclinicalworks | Population Health | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/135533/eClinicalWorks-Population-Health-CCMExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/archive/1/537420/100/0/threadedExploitThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/39402/ExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/135533/eClinicalWorks-Population-Health-CCMExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/archive/1/537420/100/0/threadedExploitThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/39402/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2015-4591?
CVE-2015-4591 is a vulnerability with a CVSS score of 6.1 (MEDIUM). eClinicalWorks Population Health (CCMR) suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage param...
How severe is CVE-2015-4591?
CVE-2015-4591 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-4591?
Check the references section above for vendor advisories and patch information. Affected products include: Eclinicalworks Population Health.