CVE-2023-2949
published 2023-05-28

CVE-2023-2949: Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.

Priority: P3 (36)
CVSS 3.1: 6.1 medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploit

EPSS: 1.47% (70.5th percentile)

Affected

2 ranges

Vendor     Product           Version range               Fixed in
open-emr   openemr           < 7.0.1                     7.0.1
openemr    openemr_openemr   >= unspecified, < 7.0.1     7.0.1

Detection & IOCs (extracted from sources)

Sigma
title: CVE-2023-2949 OpenEMR Reflected XSS
condition: and
  - Target application is OpenEMR; look for reflected XSS payloads in HTTP requests to OpenEMR endpoints on versions prior to 7.0.1.
  - Detection rule targets the 'openemr' product; correlate with Sigma rule digest 490a0046...bccacbd:922c64590222798bb761d5b6d8e72950 for rule integrity verification.
  - The Sigma rule source document (DOC 2) is incomplete: the rule body, logsource, and detection field definitions are truncated. The only recoverable fields are the product tag ('openemr') and the condition ('and'). Full rule logic cannot be reconstructed from the provided source.
  - No specific malicious URLs, IPs, hashes, or payload strings were present in the provided source documents. Operational indicators are limited to what was explicitly quoted.

CVSS provenance

Source   Version   Score   Severity   Vector
nvd      v3.1      6.1     MEDIUM     CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd      v3.0      8.3     HIGH       CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L