OpenEMR Cross-Site Scripting Vulnerability (CNVD-2019-28407)

OpenEMR is a medical practice management software that also supports electronic medical records EMR. A cross-site scripting vulnerability in the documentid parameter in controller.php in OpenEMR 5.0.1 and earlier versions can be exploited by an attacker to execute arbitrary code in the context of...

CVE-2019-3965

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the documentid parameter. This could allow an attacker to execute arbitrary code in the context of a user's session...

CVE-2019-3965

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the documentid parameter. This could allow an attacker to execute arbitrary code in the context of a user's session...

Cross site scripting

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the documentid parameter. This could allow an attacker to execute arbitrary code in the context of a user's session...

CVE-2019-3965

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the documentid parameter. This could allow an attacker to execute arbitrary code in the context of a user's session...

Sql injection

Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via 1 the catid parameter to categories.asp; and probably 2 the documentid parameter to categories.asp, and the 3 catid and 4 documentid parameters to subcategory.asp...