{"api_version":"1","generated_at":"2026-05-06T10:28:21+00:00","cve":"CVE-2021-4289","urls":{"html":"https://cve.report/CVE-2021-4289","api":"https://cve.report/api/cve/CVE-2021-4289.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-4289","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-4289"},"summary":{"title":"CVE-2021-4289","description":"A vulnerability classified as problematic was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. Affected by this vulnerability is the function post of the file omod/src/main/java/org/openmrs/module/referenceapplication/page/controller/UserAppPageController.java of the component User App Page. The manipulation of the argument AppId leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.12.0 is able to address this issue. The name of the patch is 0410c091d46eed3c132fe0fcafe5964182659f74. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216883.","state":"PUBLIC","assigner":"cna@vuldb.com","published_at":"2022-12-27 13:15:00","updated_at":"2023-11-07 03:40:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://github.com/openmrs/openmrs-module-referenceapplication/pull/89","name":"https://github.com/openmrs/openmrs-module-referenceapplication/pull/89","refsource":"MISC","tags":[],"title":"RA-1875: EMPT110 Fixed XSS Vulnerability in AppId field on User App Page by The-Lady · Pull Request #89 · openmrs/openmrs-module-referenceapplication · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/openmrs/openmrs-module-referenceapplication/commit/0410c091d46eed3c132fe0fcafe5964182659f74","name":"https://github.com/openmrs/openmrs-module-referenceapplication/commit/0410c091d46eed3c132fe0fcafe5964182659f74","refsource":"MISC","tags":[],"title":"Merge pull request #89 from The-Lady/EMPT110 · openmrs/openmrs-module-referenceapplication@0410c09 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://vuldb.com/?id.216883","name":"https://vuldb.com/?id.216883","refsource":"MISC","tags":[],"title":"CVE-2021-4289 | OpenMRS openmrs-module-referenceapplication User App Page UserAppPageController.java post cross site scripting (ID 89)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/openmrs/openmrs-module-referenceapplication/releases/tag/referenceapplication-2.12.0","name":"https://github.com/openmrs/openmrs-module-referenceapplication/releases/tag/referenceapplication-2.12.0","refsource":"MISC","tags":[],"title":"Release referenceapplication-2.12.0 · openmrs/openmrs-module-referenceapplication · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://vuldb.com/?ctiid.216883","name":"https://vuldb.com/?ctiid.216883","refsource":"MISC","tags":[],"title":"CVE-2021-4289 | OpenMRS openmrs-module-referenceapplication User App Page UserAppPageController.java post cross site scripting (ID 89)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://issues.openmrs.org/browse/RA-1875","name":"https://issues.openmrs.org/browse/RA-1875","refsource":"MISC","tags":[],"title":"[RA-1875] Resolve issues identified in NCSU report - OpenMRS Issues","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-4289","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4289","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"4289","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openmrs","cpe5":"reference_application","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2021-4289","ASSIGNER":"cna@vuldb.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A vulnerability classified as problematic was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. Affected by this vulnerability is the function post of the file omod/src/main/java/org/openmrs/module/referenceapplication/page/controller/UserAppPageController.java of the component User App Page. The manipulation of the argument AppId leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.12.0 is able to address this issue. The name of the patch is 0410c091d46eed3c132fe0fcafe5964182659f74. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216883."},{"lang":"deu","value":"In OpenMRS openmrs-module-referenceapplication bis 2.11.x wurde eine problematische Schwachstelle entdeckt. Dabei geht es um die Funktion post der Datei omod/src/main/java/org/openmrs/module/referenceapplication/page/controller/UserAppPageController.java der Komponente User App Page. Durch das Manipulieren des Arguments AppId mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Ein Aktualisieren auf die Version 2.12.0 vermag dieses Problem zu lösen. Der Patch wird als 0410c091d46eed3c132fe0fcafe5964182659f74 bezeichnet. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-79 Cross Site Scripting","cweId":"CWE-79"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"OpenMRS","product":{"product_data":[{"product_name":"openmrs-module-referenceapplication","version":{"version_data":[{"version_value":"2.0","version_affected":"="},{"version_value":"2.1","version_affected":"="},{"version_value":"2.2","version_affected":"="},{"version_value":"2.3","version_affected":"="},{"version_value":"2.4","version_affected":"="},{"version_value":"2.5","version_affected":"="},{"version_value":"2.6","version_affected":"="},{"version_value":"2.7","version_affected":"="},{"version_value":"2.8","version_affected":"="},{"version_value":"2.9","version_affected":"="},{"version_value":"2.10","version_affected":"="},{"version_value":"2.11","version_affected":"="}]}}]}}]}},"references":{"reference_data":[{"url":"https://github.com/openmrs/openmrs-module-referenceapplication/releases/tag/referenceapplication-2.12.0","refsource":"MISC","name":"https://github.com/openmrs/openmrs-module-referenceapplication/releases/tag/referenceapplication-2.12.0"},{"url":"https://vuldb.com/?id.216883","refsource":"MISC","name":"https://vuldb.com/?id.216883"},{"url":"https://vuldb.com/?ctiid.216883","refsource":"MISC","name":"https://vuldb.com/?ctiid.216883"},{"url":"https://github.com/openmrs/openmrs-module-referenceapplication/pull/89","refsource":"MISC","name":"https://github.com/openmrs/openmrs-module-referenceapplication/pull/89"},{"url":"https://issues.openmrs.org/browse/RA-1875","refsource":"MISC","name":"https://issues.openmrs.org/browse/RA-1875"},{"url":"https://github.com/openmrs/openmrs-module-referenceapplication/commit/0410c091d46eed3c132fe0fcafe5964182659f74","refsource":"MISC","name":"https://github.com/openmrs/openmrs-module-referenceapplication/commit/0410c091d46eed3c132fe0fcafe5964182659f74"}]},"impact":{"cvss":[{"version":"3.1","baseScore":3.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"},{"version":"3.0","baseScore":3.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}]}},"nvd":{"publishedDate":"2022-12-27 13:15:00","lastModifiedDate":"2023-11-07 03:40:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openmrs:reference_application:*:*:*:*:*:*:*:*","versionEndExcluding":"2.12.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}