CVE-2020-5731

In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit’s page is vulnerable to cross-site scripting.
Source: NIST
CVE-2020-5731