Openemr Security Vulnerabilities


CVE-2023-2950

Improper Authorization in GitHub repository openemr/openemr prior to...

6.3CVSS

8.1AI Score

0.004EPSS

2023-05-28 04:15 AM
74

CVE-2023-2949

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to...

8.3CVSS

6.1AI Score

0.003EPSS

2023-05-28 04:15 AM
77

CVE-2023-2948

Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to...

8.3CVSS

6.1AI Score

0.003EPSS

2023-05-28 04:15 AM
67

CVE-2023-2947

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to...

4.7CVSS

4.9AI Score

0.011EPSS

2023-05-27 11:15 PM
76

CVE-2023-2946

Improper Access Control in GitHub repository openemr/openemr prior to...

6.3CVSS

8.1AI Score

0.003EPSS

2023-05-27 11:15 PM
67

CVE-2023-2944

Improper Access Control in GitHub repository openemr/openemr prior to...

6.3CVSS

5.5AI Score

0.004EPSS

2023-05-27 10:15 PM
69

CVE-2023-2943

Code Injection in GitHub repository openemr/openemr prior to...

4.6CVSS

8.9AI Score

0.001EPSS

2023-05-27 10:15 PM
69

CVE-2023-2945

Missing Authorization in GitHub repository openemr/openemr prior to...

4.3CVSS

5.5AI Score

0.006EPSS

2023-05-27 10:15 PM
68

CVE-2023-2942

Improper Input Validation in GitHub repository openemr/openemr prior to...

8.1CVSS

8.1AI Score

0.003EPSS

2023-05-27 10:15 PM
18

CVE-2023-2674

Improper Access Control in GitHub repository openemr/openemr prior to...

8.8CVSS

4.6AI Score

0.004EPSS

2023-05-12 08:15 AM
15

CVE-2023-2566

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to...

7.5CVSS

4.9AI Score

0.015EPSS

2023-05-08 05:15 AM
93

CVE-2023-22972

A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the...

5.4CVSS

5AI Score

0.001EPSS

2023-02-22 09:15 PM
15

CVE-2023-22974

A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL...

7.5CVSS

7.4AI Score

0.005EPSS

2023-02-22 09:15 PM
41

CVE-2023-22973

A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname...

8.8CVSS

8.5AI Score

0.009EPSS

2023-02-22 09:15 PM
26

CVE-2022-4733

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to...

4.8CVSS

4.9AI Score

0.008EPSS

2022-12-27 03:15 PM
15

CVE-2022-4615

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to...

6.1CVSS

6.1AI Score

0.005EPSS

2022-12-19 08:15 PM
25

CVE-2022-4567

Improper Access Control in GitHub repository openemr/openemr prior to...

8.1CVSS

8.1AI Score

0.002EPSS

2022-12-17 06:15 AM
27

CVE-2022-4502

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to...

6.1CVSS

6.1AI Score

0.005EPSS

2022-12-15 01:15 AM
19

CVE-2022-4504

Improper Input Validation in GitHub repository openemr/openemr prior to...

7.5CVSS

7.5AI Score

0.001EPSS

2022-12-15 01:15 AM
24

CVE-2022-4506

Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to...

8.8CVSS

8.7AI Score

0.001EPSS

2022-12-15 01:15 AM
30

CVE-2022-4503

Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to...

6.1CVSS

6.1AI Score

0.005EPSS

2022-12-15 01:15 AM
28

CVE-2022-4505

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to...

4.3CVSS

4.6AI Score

0.002EPSS

2022-12-15 01:15 AM
26

CVE-2022-2824

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to...

5.4CVSS

5.5AI Score

0.002EPSS

2022-08-15 04:15 PM
26
6

CVE-2022-2734

Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to...

5.4CVSS

5.5AI Score

0.001EPSS

2022-08-09 01:15 PM
25
3

CVE-2022-2732

Missing Authorization in GitHub repository openemr/openemr prior to...

8.3CVSS

8.3AI Score

0.002EPSS

2022-08-09 12:15 PM
34
2

CVE-2022-2730

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to...

6.5CVSS

6.5AI Score

0.002EPSS

2022-08-09 12:15 PM
29
2

CVE-2022-2731

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to...

6.1CVSS

6.1AI Score

0.002EPSS

2022-08-09 12:15 PM
33
2

CVE-2022-2729

Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to...

5.4CVSS

5.4AI Score

0.004EPSS

2022-08-09 12:15 PM
32
2

CVE-2022-2733

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to...

6.1CVSS

6.1AI Score

0.002EPSS

2022-08-09 12:15 PM
16
2

CVE-2022-2494

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to...

5.4CVSS

5.3AI Score

0.016EPSS

2022-07-22 04:15 AM
29
3

CVE-2022-2493

Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to...

8.1CVSS

8.1AI Score

0.002EPSS

2022-07-22 04:15 AM
36
4

CVE-2022-1461

Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to...

6.5CVSS

6.5AI Score

0.002EPSS

2022-04-25 11:15 AM
58
1

CVE-2022-1458

Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to...

5.4CVSS

5.2AI Score

0.016EPSS

2022-04-25 10:15 AM
48
1

CVE-2022-1459

Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to...

8.3CVSS

8.3AI Score

0.002EPSS

2022-04-25 10:15 AM
50

CVE-2020-13567

Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this...

9.8CVSS

9.9AI Score

0.005EPSS

2022-04-18 05:15 PM
33

CVE-2022-1179

Non-Privilege User Can Create New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to...

5.4CVSS

5.4AI Score

0.051EPSS

2022-03-30 12:15 PM
54

CVE-2022-1180

Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to...

3.5CVSS

4.1AI Score

0.003EPSS

2022-03-30 12:15 PM
54

CVE-2022-1181

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to...

5.4CVSS

5.3AI Score

0.051EPSS

2022-03-30 12:15 PM
54

CVE-2022-1178

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to...

5.4CVSS

5.3AI Score

0.051EPSS

2022-03-30 12:15 PM
47

CVE-2022-1177

Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to...

4.3CVSS

4.6AI Score

0.003EPSS

2022-03-30 11:15 AM
61

CVE-2022-24643

A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version...

5.4CVSS

5.2AI Score

0.002EPSS

2022-03-25 09:15 PM
54

CVE-2022-25041

OpenEMR v6.0.0 was discovered to contain an incorrect access control...

4.3CVSS

4.8AI Score

0.001EPSS

2022-03-23 10:15 PM
62

CVE-2022-25471

An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to...

8.1CVSS

7.7AI Score

0.002EPSS

2022-03-03 12:15 AM
43

CVE-2021-41843

An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar&func=search...

6.5CVSS

6.7AI Score

0.004EPSS

2021-12-17 04:15 AM
26
2

CVE-2021-40352

OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all...

6.5CVSS

6.3AI Score

0.009EPSS

2021-09-01 01:15 PM
66

CVE-2021-25923

In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account...

8.1CVSS

8AI Score

0.004EPSS

2021-06-24 11:15 AM
15

CVE-2021-32102

A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR...

8.8CVSS

9AI Score

0.002EPSS

2021-05-07 04:15 AM
17
2

CVE-2021-32101

The Patient Portal of OpenEMR 5.0.2.1 is affected by an incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. Then, the attacker can then...

8.2CVSS

8.1AI Score

0.003EPSS

2021-05-07 04:15 AM
22
2

CVE-2021-32103

A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allows an admin authenticated user to inject arbitrary web script or HTML via the lname...

4.8CVSS

4.6AI Score

0.001EPSS

2021-05-07 04:15 AM
17
2

CVE-2021-32104

A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR...

8.8CVSS

9AI Score

0.002EPSS

2021-05-07 04:15 AM
22
Total number of security vulnerabilities: 134