OpenEMR 4.1.1 (site param) Remote XSS Vulnerability

Title: OpenEMR 4.1.1 (site param) Remote XSS Vulnerability
Advisory ID: ZSL-2013-5129
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (2/5)
Release Date: 21.02.2013
Summary
OpenEMR is a Free and Open Source electronic health records and medical practice management application that can run on Windows, Linux, Mac OS X, and many other platforms.
Description
OpenEMR suffers from an XSS issue due to a failure to properly sanitize user-supplied input to the 'site' GET parameter in the central 'globals.php' script, which is called by every script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
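
A log-review check for the issue described above, as an added example that is not part of the original advisory or of OpenEMR's code: it flags requests whose 'site' parameter, after percent-decoding, falls outside an assumed safe character set. The safe pattern, the script path and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: legitimate site IDs use only letters, digits, '.', '_' and '-'.
SAFE_SITE = re.compile(r"[A-Za-z0-9._-]{1,64}")
# Request line and status code of an Apache common/combined log entry.
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample log lines; the script path is a placeholder.
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Feb/2013:10:00:01 +0000] "GET /openemr/any_script.php?site=default HTTP/1.1" 200 5120',
    '192.0.2.44 - - [21/Feb/2013:10:02:17 +0000] "GET /openemr/any_script.php?site=default%22%3E%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5301',
    '192.0.2.44 - - [21/Feb/2013:10:02:40 +0000] "GET /openemr/any_script.php?site=%253Cb%253E HTTP/1.1" 200 880',
    '192.0.2.11 - - [21/Feb/2013:10:05:03 +0000] "GET /openemr/any_script.php?auth=login&site=clinic-2 HTTP/1.1" 302 0',
]

def site_values(target):
    """Return each once-decoded value of the 'site' parameter in a request target."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    # PHP also accepts the array form site[]=..., so compare the name before '['.
    return [value for name, value in pairs if name.split("[", 1)[0] == "site"]

def fully_decoded(value, rounds=3):
    """Undo nested percent-encoding, e.g. %253C -> %3C -> <."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_site_requests(log_lines):
    """Return (line number, HTTP status, decoded value) for each unsafe 'site' value."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        for value in site_values(match.group("target")):
            value = fully_decoded(value)
            if not SAFE_SITE.fullmatch(value):
                hits.append((lineno, match.group("status"), value))
    return hits

if __name__ == "__main__":
    for hit in suspicious_site_requests(SAMPLE_LOG):
        print(hit)
```

A hit shows that an out-of-pattern value was requested; whether the response reflected it depends on the installed patch level.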
Vendor
OpenEMR - http://www.open-emr.org
Affected Version
4.1.1
Tested On
Microsoft Windows 7 Ultimate SP1 (EN)
Fedora Linux
Apache2, PHP 5.4, MySQL 5.5
Vendor Status
[09.02.2013] Vulnerability discovered.
[14.02.2013] Contacted the vendor and sent the PoC file.
[15.02.2013] Vendor confirms the vulnerability, creating a fix.
[20.02.2013] Vendor releases patch 4.1.1-Patch-11 to address this issue.
[21.02.2013] Coordinated public security advisory released.
PoC
openemr_xss.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.open-emr.org/wiki/index.php/OpenEMR_Patches
[2] http://cxsecurity.com/issue/WLB-2013020153
[3] http://packetstormsecurity.com/files/120463
[4] http://www.securityfocus.com/bid/58085
[5] http://www.osvdb.org/show/osvdb/90549
[6] http://secunia.com/advisories/52145/
[7] http://xforce.iss.net/xforce/xfdb/82259
[8] http://www.open-emr.org/wiki/index.php/Security_Alert_Fixes
Changelog
[21.02.2013] - Initial release
[22.02.2013] - Added references [4], [5] and [6]
[23.02.2013] - Added reference [7]
[08.10.2014] - Added reference [8]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk