CVE-2025-56015

In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint...

CVE-2025-56015

In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint...

CVE-2025-67491

OpenEMR is a free and open source electronic health records and medical practice management application. Versions 5.0.0.5 through 7.0.3.4 have a stored cross-site scripting vulnerability in the ub04 helper of the billing interface. The variable $data is passed in a click event handler enclosed in...

CVE-2025-67491 OpenEMR has Stored XSS in ub04 helper

OpenEMR is a free and open source electronic health records and medical practice management application. Versions 5.0.0.5 through 7.0.3.4 have a stored cross-site scripting vulnerability in the ub04 helper of the billing interface. The variable $data is passed in a click event handler enclosed in...

CVE-2025-67491

OpenEMR vulnerability CVE-2025-67491 affects versions 5.0.0.5–7.0.3.4, with a stored cross-site scripting flaw in the ub04 billing helper. The issue arises when $data is placed in a single-quoted click event handler without proper sanitization, allowing a malicious user to inject JS payloads desp...

CVE-2025-67491 OpenEMR has Stored XSS in ub04 helper

OpenEMR is a free and open source electronic health records and medical practice management application. Versions 5.0.0.5 through 7.0.3.4 have a stored cross-site scripting vulnerability in the ub04 helper of the billing interface. The variable $data is passed in a click event handler enclosed in...

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions 5.0.0.5 to 7.0.3.4 of OpenEMR contain security...

Sealos 安全漏洞

Sealos is a cloud operating system designed for managing cloud-native applications. A security vulnerability exists in Sealos 4.2.0 and prior versions that stems from a privilege flaw where the billing interface can expose resource information...

CVE-2022-29938

In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter paymentid in interface\billing\newpayment.php via interface\billing\paymentmaster.inc.php leads to SQL injection...

CVE-2022-29939

In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sleobprocess.php leads to multiple cross-site scripting XSS vulnerabilities...