CVE-2022-4733: 
OpenEMR vulnerability analysis and mitigation

A Stored Cross-site Scripting (XSS) vulnerability was discovered in GitHub repository openemr/openemr prior to version 7.0.0.2. The vulnerability was assigned CVE-2022-4733 and was disclosed on December 27, 2022. The vulnerability affects the OpenEMR software, which is an open-source electronic health records and medical practice management solution (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.8 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability is network accessible, requires high privileges and user interaction, has changed scope, and can impact both confidentiality and integrity at a low level, with no impact on availability. The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) (NVD).

The vulnerability allows attackers to execute stored cross-site scripting attacks, potentially leading to unauthorized access to sensitive information and the ability to modify web content. The impact is considered medium severity due to the requirement of high privileges and user interaction for successful exploitation (NVD).

A patch has been released to address this vulnerability in OpenEMR version 7.0.0.2. Users are advised to upgrade to this version or later. The fix includes improvements to input sanitization and the addition of a special function to remove 'javascript' strings for HTML link variables (GitHub Patch).