387 matches found
OpenClinic GA Security Vulnerability
OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management and laboratory management. A security vulnerability exists in OpenClinic GA version 5.247.01, which originates from a directory path traversal attack that can be...
CVE-2023-40277
OpenClinic GA 5.247.01 contains a reflected XSS in the login.jsp message parameter. The vulnerability affects the login flow and is documented with CVSSv3.1 base score 6.1 (MEDIUM) with Network attack vector, low attack complexity, no privileges, user interaction required, and changed scope (C/L/...
PT-2024-12882 · Unknown · Openclinic Ga
Name of the Vulnerable Software and Affected Versions: OpenClinic GA version 5.247.01 Description: An issue was discovered in OpenClinic GA, allowing an attacker to perform a directory path traversal via the Page parameter in a GET request to the "main.do" endpoint. Recommendations: For OpenClini...
OpenClinic GA Security Vulnerability
OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management and laboratory management. A security vulnerability exists in OpenClinic GA version 5.247.01, which stems from an information disclosure vulnerability...
OpenClinic GA Security Vulnerability
OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management and laboratory management. A security vulnerability exists in OpenClinic GA version 5.247.01, which stems from an unauthenticated file download vulnerability...
CVE-2023-40277
An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-Site Scripting XSS vulnerability has been discovered in the login.jsp message parameter...
CVE-2023-40276
An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability has been discovered in pharmacy/exportFile.jsp...
CVE-2023-40280
OpenClinic GA 5.247.01 is affected by CVE-2023-40280 due to a directory path traversal via the Page parameter in a GET request to popup.jsp. The issue is described consistently across sources (NVD/Red Hat/CNNVD/CVE List), with an attack vector described as network-accessible and a high impact in ...
CVE-2023-40280
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp...
CVE-2023-40280
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp...
CVE-2023-40277
An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-Site Scripting XSS vulnerability has been discovered in the login.jsp message parameter...
CVE-2023-40276
An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability has been discovered in pharmacy/exportFile.jsp...
CVE-2023-40279
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do...
CVE-2023-40279
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do...
OpenClinic GA Path Traversal Vulnerability
OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management and laboratory management. A security vulnerability exists in OpenClinic GA version 5.247.01, which originates from a directory path traversal attack that can be...
CVE-2023-40279
OpenClinic GA 5.247.01 has a directory path traversal vulnerability (CVE-2023-40279) via the Page parameter in GET /openclinic/main.do. Multiple connected sources describe potential access to arbitrary files and even execution in some contexts. No patch/version remediation details are provided in...
CVE-2023-40275
An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via queries such as findFirstname= to common/search/searchByAjax/patientslistShow.jsp...
OpenClinic GA Security Vulnerability
OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management and laboratory management. A security vulnerability exists in OpenClinic GA version 5.247.01, which stems from the presence of a Reflective Cross-Site Scripting XS...
CVE-2023-40278
An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. By changing the AppointmentUid parameter, an attacker can determine whether a specific appointment exists based on the error...
CVE-2023-40276
OpenClinic GA 5.247.01 contains an unauthenticated file download vulnerability in pharmacy/exportFile.jsp. The issue allows unauthorized access to files, with CVSS v3.1 base score 9.1 (CRITICAL; AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). No exploitation details are provided in the primary CVE entry. R...