31 matches found
CVE-2022-4506
Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2...
CVE-2024-0875
CVE-2024-0875 affects OpenEMR/OpenEMR v7.0.1, where a stored XSS in the Secure Messaging feature allows injection into the inputBody field and execution when recipients view the message, potentially compromising accounts. The issue is fixed in v7.0.2.1. Affected component: Secure Messaging, vulne...
CVE-2024-0875 Stored XSS in openemr/openemr
A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is...
CVE-2023-2948
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1...
CVE-2023-2950
CVE-2023-2950 affects OpenEMR prior to 7.0.1 and is tied to improper authorization that enables an HTML-injection vulnerability through the patient portal API. Specifically, the PUT endpoint /openemr/portal/patient/api/onsitedocument/{id} accepts a fullDocument payload; a malicious user can modif...
CVE-2023-2947
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1...
CVE-2023-2942
OpenEMR/OpenEMR before v7.0.1 is affected by an improper input validation flaw in the application that can impact confidentiality and integrity. Multiple sources concur on the issue, with CVSS 3.1/3.0 base scores around 8.1 (HIGH) and a network-based, low-complexity vector. The problem is tied to...
CVE-2023-2674
CVE-2023-2674 describes an improper access control vulnerability in OpenEMR before version 7.0.1. Connected sources corroborate that a front-end OpenEMR user could gain authorization to perform restricted actions (e.g., adding a Pharmacy) due to weak access controls in the application’s practice/...
CVE-2023-2674 Improper Access Control in openemr/openemr
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1...
CVE-2022-4733 Cross-site Scripting (XSS) - Stored in openemr/openemr
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2...
CVE-2022-4615 Cross-site Scripting (XSS) - Reflected in openemr/openemr
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2...
CVE-2022-4567 Improper Access Control in openemr/openemr
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2...
CVE-2022-4567
CVE-2022-4567 impacts OpenEMR (openemr/openemr) before version 7.0.0.2, due to an improper access control flaw. Reported as an authenticated-access issue that lets a user bypass controls to reach or retrieve any document via crafted URLs (e.g., direct document access and related actions). Concret...
CVE-2022-4505
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2...
Cross site scripting
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2...
CVE-2022-4503 Cross-site Scripting (XSS) - Generic in openemr/openemr
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2...
CVE-2022-4506 Unrestricted Upload of File with Dangerous Type in openemr/openemr
Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2...
CVE-2022-4503
CVE-2022-4503 refers to a generic Cross-site Scripting (XSS) vulnerability in OpenEMR/OpenEMR prior to version 7.0.0.2. Affected product: OpenEMR/OpenEMR (GitHub repository openemr/openemr). Root cause details are not provided in the primary document set, but related sources consistently describe...
CVE-2022-4502 Cross-site Scripting (XSS) - Reflected in openemr/openemr
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2...
Authorization
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1...