cvedb.io
CVE-2016-6272
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2018-02-20T15:29:00.243 · Last modified 2026-06-17T00:50:44.220

Summary

XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this may be inaccurate.

Affected products

epic — mychart

Does this affect you?

Add your gear to cvedb and we'll alert you only when epic ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.