Openmrs Security Vulnerabilities
A vulnerability was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. It has been rated as problematic. This issue affects some unknown processing of the file omod/src/main/webapp/pages/userApp.gsp. The manipulation leads to cross site scripting. The attack may be initiated...
6.1CVSS
6.1AI Score
0.001EPSS
A vulnerability classified as problematic was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. Affected by this vulnerability is the function post of the file omod/src/main/java/org/openmrs/module/referenceapplication/page/controller/UserAppPageController.java of the component...
6.1CVSS
6.1AI Score
0.001EPSS
An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <=2.4.0 via GET requests on arbitrary parameters in...
9.8CVSS
9.8AI Score
0.002EPSS
OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET requests for /images & /initfilter/scripts. This...
7.5CVSS
7.6AI Score
0.001EPSS
OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). There is insufficient validation for this parameter, which allows for the possibility of cross-site...
6.1CVSS
6.5AI Score
0.001EPSS
In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. Any page that is able to trigger a UI Framework Error is susceptible to this...
6.1CVSS
6.7AI Score
0.001EPSS
In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows the export of potentially sensitive...
6.1CVSS
6.7AI Score
0.002EPSS
In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site...
6.1CVSS
6.5AI Score
0.001EPSS
In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site...
6.1CVSS
6.1AI Score
0.001EPSS
In OpenMRS 2.9 and prior, he import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows unauthenticated users to use a feature typically restricted to...
6.1CVSS
6.8AI Score
0.002EPSS
9.8CVSS
7.4AI Score
0.005EPSS
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request...
9.8CVSS
9.7AI Score
0.963EPSS
The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute operating system...
9.8CVSS
8.1AI Score
0.006EPSS
Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the authentication of administrators for requests that add a new user via a Save User action to...
7.2AI Score
0.004EPSS
Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to...
5.8AI Score
0.002EPSS
The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to...
6.1AI Score
0.002EPSS