18 matches found
CVE-2026-33913
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing to read arbitrary files from the server. Version 8.0.0....
CVE-2026-34056 OpenEMR has a Privilege Escalation that Allows a Low-Level User to View Admin-Only Data
OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks...
EUVD-2026-13154
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the DICOM zip/export feature uses a user-supplied destination or path component when creating the zip file, without sanitizing path traversal sequences (e.g. `../`). An attacker...
CVE-2025-67752
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper oeHttp/oeHttpRequest disables SSL/TLS certificate verification by default (`verify: false`), making all external HTTPS connections vulnerable ...
EUVD-2024-16657
Malicious code in bioql PyPI...
CVE-2023-2949
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1...
CVE-2018-1000219
OpenEMR version v5014 contains a Cross Site Scripting (XSS) vulnerability in the 'scan' parameter in line 41 of interface/fax/faxview.php that could allow remote authenticated attackers to inject arbitrary web script or HTML. This attack appears to be exploitable via...
CVE-2022-4506
Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2...
CVE-2022-4502
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2...
CVE-2023-2948 Cross-site Scripting (XSS) - Generic in openemr/openemr
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1...
CVE-2023-2945
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1...
OpenEMR Security Vulnerability
OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A security vulnerability exists in OpenEMR version 7.0.0, which stems from the...
PT-2022-18902 · Openemr · Openemr
Name of the Vulnerable Software and Affected Versions: openemr versions prior to 7.0.0.1 Description: The issue is related to improper access control, specifically an authorization bypass through a user-controlled key. This allows unauthorized access to certain resources. Recommendations: For...
CVE-2022-1461
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1...
CVE-2022-25041
OpenEMR v6.0.0 was discovered to contain an incorrect access control issue...
OpenEMR Cross-Site Scripting Vulnerability (CNVD-2019-32189)
OpenEMR is a medical practice management software that also supports electronic medical records (EMR). A cross-site scripting vulnerability exists in OpenEMR 5.0.1-6, which can be exploited by an attacker to execute client-side code...
CVE-2018-17180
OpenEMR up to version 5.0.1 Patch 7 is affected by a Directory Traversal vulnerability in the portal/lib/download_template.php via docid=../, exposing partial confidentiality. Root cause is improper path handling allowing traversal to access restricted files. A patch exists in 5.0.1 Patch 7 (and ...
Cross site scripting
OpenEMR version v5014 contains a Cross Site Scripting (XSS) vulnerability in the 'file' parameter in line 43 of interface/fax/faxview.php that could allow remote authenticated attackers to inject arbitrary web script or HTML. This attack appears to be exploitable via...