OpenEMR <5.0.2 - Local File Inclusion

OpenEMR before 5.0.2 is vulnerable to local file inclusion via the fileName parameter in custom/ajaxdownload.php. An attacker can download any file that is readable by the web server user from server storage. If the requested file is writable for the web server user and the directory...

OpenEMR 4.1 - Local File Inclusion

Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. dot dot in the formname parameter to 1 contrib/acog/printform.php; or 2 loadform.php, 3 viewform.php, or 4 trendform.php in interface/patientfile/encounter. id:...

Openemr < 7.0.0.1 - Cross-Site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. id: CVE-2022-2733 info: name: Openemr 7.0.0.1 - Cross-Site Scripting author: ctflearner severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository openemr/openemr prior to...

OpenEMR < 7.0.1 - Cross-Site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository openemr/openemr prior to 7.0.1. id: CVE-2023-2948 info: name: OpenEMR 7.0.1 - Cross-Site Scripting author: ritikchaddha,princechaddha severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository openemr/openemr...

CVE-2026-46518

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...

OpenEMR < 7.0.1 - Cross-site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository openemr/openemr prior to 7.0.1. id: CVE-2023-2949 info: name: OpenEMR 7.0.1 - Cross-site Scripting author: ritikchaddha,princechaddha severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository openemr/openemr...

CVE-2026-46518

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...

EUVD-2026-35869

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...

CVE-2026-46518 OpenEMR: Stored XSS in prescription CSS/HTML print view via patient demographics

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...

CVE-2026-46518 OpenEMR: Stored XSS in prescription CSS/HTML print view via patient demographics

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...

PT-2026-48297

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...

OpenEMR 7.0.2 - Arbitrary File Read

Exploit Title: OpenEMR 7.0.2 - Arbitrary File Read Google Dork: intitle:"OpenEMR" inurl:"interface/login/login.php" Date: 2026-06-06 Exploit Author: doany1 Vendor Homepage: https://www.open-emr.org/ Software Link:...

📄 OpenEMR 7.0.2 Arbitrary File Read

OpenEMR version 7.0.2 suffers from an arbitrary file read vulnerability. Exploit Title: OpenEMR 7.0.2 - Arbitrary File Read Google Dork: intitle:"OpenEMR" inurl:"interface/login/login.php" Date: 2026-06-06 Exploit Author: doany1 Vendor Homepage: https://www.open-emr.org/ Software Link:...

Exploit for Path Traversal in Open-Emr Openemr

CVE-2026-24849 OpenEMR Authenticated Arbitrary File Read Eth...

EUVD-2023-60570

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and...

CVE-2023-54347

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and...

CVE-2023-54347

OpenEMR 7.0.1 is affected by an authentication brute-force vulnerability that bypasses rate-limiting on the main login endpoint. Attackers can send repeated POST requests with authUser and clearPass to test credentials without triggering account lockout. CVSS metrics indicate HIGH impact, network...

CVE-2023-54347

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and...

CVE-2023-54347 OpenEMR 7.0.1 Authentication Brute Force Mitigation Bypass

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and...

CVE-2023-54347 OpenEMR 7.0.1 Authentication Brute Force Mitigation Bypass

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and...