CVE-2025-25925

Published: 2025-03-11T20:15Z

Last Modified: 2025-03-12T16:15Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm.form. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt