CVE-2022-2733
Published 2022-08-09. CVE-2022-2733: Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
Priority: P3 · 56 · medium · 6.1 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploit: EPSS 95.84% (99.9th percentile)
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | cbl2_vim_8.2.5064-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_vim_8.2.5064-1_on_cbl_mariner_1.0 | — | — |
| open-emr | openemr | < 7.0.0.1 | 7.0.0.1 |
| openemr | openemr_openemr | >= unspecified < 7.0.0.1 | 7.0.0.1 |
Detection & IOCs (extracted from sources)
other: pricelevel
- Probe for reflected XSS via the 'pricelevel' parameter in OpenEMR prior to 7.0.0.1; a 200 HTTP response with Content-Type text/html indicates a potentially vulnerable endpoint.
- Vulnerability affects OpenEMR versions prior to 7.0.0.1 only; patched in 7.0.0.1 and later.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 9.6 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
| vendor_msrc | — | 5.5 | MEDIUM | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |
GHSA
GHSA-5376-hj3w-gxw6: Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7
ghsa_unreviewed · 2022-08-10 · CVE-2022-2733 · CWE-79
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
Red Hat
vim: NULL pointer dereference in vim_regexec_string() of regexp.c
vendor_redhat · 2022-05-12 · CVSS 5.5 · CVE-2022-1674 [MEDIUM] · CWE-476
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.
A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.
Statement: All versions of Vim shipped with Red Hat Enterprise Linux are n
Microsoft
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in vim/vim
vendor_msrc · 2022-05-10 · CVSS 5.5 · CVE-2022-1674 [MEDIUM] · CWE-476
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
@huntrdev: @huntrdev
Customer Action Required: Yes
Remediation: CBL-Marine
No detection rules found.
Nuclei
Openemr < 7.0.0.1 - Cross-Site Scripting
nuclei · CVSS 6.1 · CVE-2022-2733 [MEDIUM]

Template fragment as indexed (truncated at the start):

```yaml
Openemr '
          - 'pricelevel'
        condition: and
      - type: word
        part: header
        words:
          - text/html
      - type: status
        status:
          - 200
# digest: 4a0a00473045022050bee0e4c0209f6f9b170213c2ca00cb0c12b0523c484a61e45f83f6326783fd022100be49e8c7568f713f708daf39474d6b1f0a05f6a26fe1f711e1458939faf72906:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.
Published: 2022-08-09