27 matches found
CVE-2021-41843
An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter providerid, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar=search URI...
EUVD-2018-8595
Malware in sbrugna...
EUVD-2018-7026
Malware in sbrugna...
EUVD-2017-7733
Malware in sbrugna...
EUVD-2018-7036
Malware in sbrugna...
EUVD-2018-7034
Malware in sbrugna...
EUVD-2022-51845
Malicious code in bioql PyPI...
CVE-2025-32967
OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrators from auditing critical actions. This...
CVE-2025-32967 OpenEMR doesn't log password administration properly
OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrators from auditing critical actions. This...
CVE-2025-32794 OpenEMR Stored XSS via Patient Name Field in Procedure Orders
OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation privileges to inject arbitrary JavaScript code into the system ...
CVE-2020-29139
A SQL injection vulnerability in interface/main/finder/patientselect.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter...
CVE-2019-8371
OpenEMR v5.0.1-6 allows code execution...
CVE-2019-3964
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the docid parameter. This could allow an attacker to execute arbitrary code in the context of a user's session...
CVE-2019-3966
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreignid parameter. This could allow an attacker to execute arbitrary code in the context of a user's session...
CVE-2025-31117
OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauthorized requests to external or internal...
CVE-2025-29772
OpenEMR is a free and open source electronic health records and medical practice management application. The POST parameter hiddensubcategory is output to the page without being properly processed. This leads to a reflected cross-site scripting (XSS) vulnerability in CAMOS new.php. This...
CVE-2025-31121
OpenEMR’s Patient Image feature (EXIF title) is vulnerable to cross-site scripting prior to version 7.0.3.1. Affected component: Patient Image handling in OpenEMR. Root cause: unsanitized EXIF title in uploaded images enables XSS. Impact: CVE-2025-31121 indicates attacker-executed script in vulne...
CVE-2025-31121 OpenEMR allows XSS in Patient Image feature
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 7.0.3.1, the Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. This vulnerability is fixed in 7.0.3.1...
CVE-2025-30161 OpenEMR Stored XSS in OpenEMR Bronchitis Form
OpenEMR is a free and open source electronic health records and medical practice management application. A stored XSS vulnerability in the Bronchitis form component of OpenEMR allows anyone who is able to edit a bronchitis form to steal credentials from administrators. This vulnerability is fixed...