Filtered by vendor Openmrs
Subscriptions
Total
25 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-12796 | 1 Openmrs | 1 Openmrs | 2024-11-21 | N/A |
The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute operating system commands by crafting malicious XML payloads, as demonstrated by a single admin/reports/reportSchemaXml.form request. | ||||
CVE-2017-12795 | 1 Openmrs | 1 Openmrs-module-htmlformentry | 2024-11-21 | N/A |
OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation). | ||||
CVE-2014-8073 | 1 Openmrs | 1 Openmrs | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the authentication of administrators for requests that add a new user via a Save User action to admin/users/user.form. | ||||
CVE-2014-8072 | 1 Openmrs | 1 Openmrs | 2024-11-21 | N/A |
The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin. | ||||
CVE-2014-8071 | 1 Openmrs | 1 Openmrs | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to allergyui/allergy.page; the (6) w10 parameter to htmlformentryui/htmlform/enterHtmlForm/submit.action; the (7) HTTP Referer Header to login.htm; the (8) returnUrl parameter to htmlformentryui/htmlform/enterHtmlFormWithStandardUi.page or (9) coreapps/mergeVisits.page; or the (10) visitId parameter to htmlformentryui/htmlform/enterHtmlFormWithSimpleUi.page. |