6.3 CVSS
8.1 AI Score
0.004 EPSS
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to...
8.3 CVSS
6.1 AI Score
0.003 EPSS
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to...
8.3 CVSS
6.1 AI Score
0.003 EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to...
4.7 CVSS
4.9 AI Score
0.011 EPSS
6.3 CVSS
8.1 AI Score
0.003 EPSS
6.3 CVSS
5.5 AI Score
0.004 EPSS
4.6 CVSS
8.9 AI Score
0.001 EPSS
4.3 CVSS
5.5 AI Score
0.006 EPSS
8.1 CVSS
8.1 AI Score
0.003 EPSS
8.8 CVSS
4.6 AI Score
0.004 EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to...
7.5 CVSS
4.9 AI Score
0.015 EPSS
A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the...
5.4 CVSS
5 AI Score
0.001 EPSS
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL...
7.5 CVSS
7.4 AI Score
0.005 EPSS
A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname...
8.8 CVSS
8.5 AI Score
0.009 EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to...
4.8 CVSS
4.9 AI Score
0.008 EPSS
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to...
6.1 CVSS
6.1 AI Score
0.005 EPSS
8.1 CVSS
8.1 AI Score
0.002 EPSS
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to...
6.1 CVSS
6.1 AI Score
0.005 EPSS
7.5 CVSS
7.5 AI Score
0.001 EPSS
Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to...
8.8 CVSS
8.7 AI Score
0.001 EPSS
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to...
6.1 CVSS
6.1 AI Score
0.005 EPSS
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to...
4.3 CVSS
4.6 AI Score
0.002 EPSS
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to...
5.4 CVSS
5.5 AI Score
0.002 EPSS
Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to...
5.4 CVSS
5.5 AI Score
0.001 EPSS
8.3 CVSS
8.3 AI Score
0.002 EPSS
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to...
6.5 CVSS
6.5 AI Score
0.002 EPSS
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to...
6.1 CVSS
6.1 AI Score
0.002 EPSS
5.4 CVSS
5.4 AI Score
0.004 EPSS
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to...
6.1 CVSS
6.1 AI Score
0.002 EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to...
5.4 CVSS
5.3 AI Score
0.016 EPSS
Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to...
8.1 CVSS
8.1 AI Score
0.002 EPSS
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to...
6.5 CVSS
6.5 AI Score
0.002 EPSS
Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to...
5.4 CVSS
5.2 AI Score
0.016 EPSS
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to...
8.3 CVSS
8.3 AI Score
0.002 EPSS
Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this...
9.8 CVSS
9.9 AI Score
0.005 EPSS
Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to...
5.4 CVSS
5.4 AI Score
0.051 EPSS
3.5 CVSS
4.1 AI Score
0.003 EPSS
5.4 CVSS
5.3 AI Score
0.051 EPSS
5.4 CVSS
5.3 AI Score
0.051 EPSS
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to...
4.3 CVSS
4.6 AI Score
0.003 EPSS
A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version...
5.4 CVSS
5.2 AI Score
0.002 EPSS
4.3 CVSS
4.8 AI Score
0.001 EPSS
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to...
8.1 CVSS
7.7 AI Score
0.002 EPSS
An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar&func=search...
6.5 CVSS
6.7 AI Score
0.004 EPSS
OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all...
6.5 CVSS
6.3 AI Score
0.009 EPSS
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account...
8.1 CVSS
8 AI Score
0.004 EPSS
A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR...
8.8 CVSS
9 AI Score
0.002 EPSS
The Patient Portal of OpenEMR 5.0.2.1 is affected by an incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. The attacker can then...
8.2 CVSS
8.1 AI Score
0.003 EPSS
A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allows an admin authenticated user to inject arbitrary web script or HTML via the lname...
4.8 CVSS
4.6 AI Score
0.001 EPSS
A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR...
8.8 CVSS
9 AI Score
0.002 EPSS