7 matches found
EUVD-2021-27551
Malicious code in bioql PyPI...
CVE-2021-40375
Apperta Foundation OpenEyes 3.5.1 allows remote attackers to view the sensitive information of patients without having the intended level of privilege. Despite OpenEyes returning a Forbidden error message, the contents of a patient's profile are still returned in the server response. This respons...
CVE-2021-40375
Apperta Foundation OpenEyes 3.5.1 allows remote attackers to view the sensitive information of patients without having the intended level of privilege. Despite OpenEyes returning a Forbidden error message, the contents of a patient's profile are still returned in the server response. This respons...
Design/Logic Flaw
Apperta Foundation OpenEyes 3.5.1 allows remote attackers to view the sensitive information of patients without having the intended level of privilege. Despite OpenEyes returning a Forbidden error message, the contents of a patient's profile are still returned in the server response. This respons...
CVE-2021-40375
CVE-2021-40375 affects OpenEyes 3.5.1 (Apperta Foundation). The vulnerability allows remote attackers to view sensitive patient information (PII, medication history) because the server responded with sensitive data in responses despite returning a Forbidden message. Underlying cause and mitigatio...
CVE-2021-40374
CVE-2021-40374 describes a stored cross-site scripting (XSS) vulnerability in Apperta Foundation OpenEyes 3.5.1. The issue occurs when updating a patient’s details, where an attacker can inject arbitrary web script or HTML into the Address1 parameter. This injected script runs when the patient’s p...
Apperta Foundation OpenEyes Cross-Site Scripting Vulnerability
Apperta Foundation OpenEyes is an open source electronic medical record ERP from the Apperta Foundation. A security vulnerability in Apperta Foundation OpenEyes 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the Address1 parameter...