Filtered by vendor Open-emr
Subscriptions
Filtered by product Openemr
Subscriptions
Total
128 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-25921 | 1 Open-emr | 1 Openemr | 2024-08-03 | 5.4 Medium |
In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit. | ||||
CVE-2021-25922 | 1 Open-emr | 1 Openemr | 2024-08-03 | 6.1 Medium |
In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly. An attacker could trick a user to click on a malicious url and execute malicious code. | ||||
CVE-2021-25923 | 1 Open-emr | 1 Openemr | 2024-08-03 | 8.1 High |
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account takeover. | ||||
CVE-2021-25917 | 1 Open-emr | 1 Openemr | 2024-08-03 | 4.8 Medium |
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user. | ||||
CVE-2021-25919 | 1 Open-emr | 1 Openemr | 2024-08-03 | 4.8 Medium |
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user. | ||||
CVE-2021-25920 | 1 Open-emr | 1 Openemr | 2024-08-03 | 6.5 Medium |
In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the victim user. | ||||
CVE-2022-25471 | 1 Open-emr | 1 Openemr | 2024-08-03 | 8.1 High |
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register. | ||||
CVE-2022-25041 | 1 Open-emr | 1 Openemr | 2024-08-03 | 4.3 Medium |
OpenEMR v6.0.0 was discovered to contain an incorrect access control issue. | ||||
CVE-2022-24643 | 1 Open-emr | 1 Openemr | 2024-08-03 | 5.4 Medium |
A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0. | ||||
CVE-2022-4733 | 1 Open-emr | 1 Openemr | 2024-08-03 | 4.8 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
CVE-2022-4615 | 1 Open-emr | 1 Openemr | 2024-08-03 | 6.1 Medium |
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
CVE-2022-4505 | 1 Open-emr | 1 Openemr | 2024-08-03 | 8.8 High |
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
CVE-2022-4506 | 1 Open-emr | 1 Openemr | 2024-08-03 | 8.8 High |
Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
CVE-2022-4567 | 1 Open-emr | 1 Openemr | 2024-08-03 | 8.1 High |
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
CVE-2022-4503 | 1 Open-emr | 1 Openemr | 2024-08-03 | 6.1 Medium |
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
CVE-2022-4502 | 1 Open-emr | 1 Openemr | 2024-08-03 | 6.1 Medium |
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
CVE-2022-4504 | 1 Open-emr | 1 Openemr | 2024-08-03 | 7.5 High |
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
CVE-2022-2824 | 1 Open-emr | 1 Openemr | 2024-08-03 | 8.8 High |
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1. | ||||
CVE-2022-2734 | 1 Open-emr | 1 Openemr | 2024-08-03 | 5.4 Medium |
Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1. | ||||
CVE-2022-2729 | 1 Open-emr | 1 Openemr | 2024-08-03 | 5.4 Medium |
Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1. |