12 matches found
EUVD-2021-27551
Malicious code in bioql PyPI...
EUVD-2021-27552
Malicious code in bioql PyPI...
CVE-2021-40375
Apperta Foundation OpenEyes 3.5.1 allows remote attackers to view the sensitive information of patients without having the intended level of privilege. Despite OpenEyes returning a Forbidden error message, the contents of a patient's profile are still returned in the server response. This respons...
CVE-2021-40375
Apperta Foundation OpenEyes 3.5.1 allows remote attackers to view the sensitive information of patients without having the intended level of privilege. Despite OpenEyes returning a Forbidden error message, the contents of a patient's profile are still returned in the server response. This respons...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability was identified in Apperta Foundation OpenEyes 3.5.1. Updating a patient's details allows remote attackers to inject arbitrary web script or HTML via the Address1 parameter. This JavaScript then executes when the patient profile is loaded, which coul...
Design/Logic Flaw
Apperta Foundation OpenEyes 3.5.1 allows remote attackers to view the sensitive information of patients without having the intended level of privilege. Despite OpenEyes returning a Forbidden error message, the contents of a patient's profile are still returned in the server response. This respons...
CVE-2021-40375
CVE-2021-40375 affects OpenEyes 3.5.1 (Apperta Foundation). The vulnerability allows remote attackers to view sensitive patient information (PII, medication history) because the server responded with sensitive data in responses despite returning a Forbidden message. Underlying cause and mitigatio...
CVE-2021-40375
Apperta Foundation OpenEyes 3.5.1 allows remote attackers to view the sensitive information of patients without having the intended level of privilege. Despite OpenEyes returning a Forbidden error message, the contents of a patient's profile are still returned in the server response. This respons...
CVE-2021-40374
CVE-2021-40374 describes a stored cross-site scripting (XSS) vulnerability in Apperta Foundation OpenEyes 3.5.1. The issue occurs when updating a patient’s details, where an attacker can inject arbitrary web script or HTML into the Address1 parameter. This injected script runs when the patient’s p...
CVE-2021-40374
A stored cross-site scripting (XSS) vulnerability was identified in Apperta Foundation OpenEyes 3.5.1. Updating a patient's details allows remote attackers to inject arbitrary web script or HTML via the Address1 parameter. This JavaScript then executes when the patient profile is loaded, which coul...
Apperta Foundation OpenEyes cross-site scripting vulnerability
Apperta Foundation OpenEyes is an open source electronic medical record ERP from the Apperta Foundation. A security vulnerability in Apperta Foundation OpenEyes 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the Address1 parameter...
Apperta Foundation OpenEyes information disclosure vulnerability
Apperta Foundation OpenEyes is an open source electronic medical record ERP from the Apperta Foundation. A security vulnerability exists in Apperta Foundation OpenEyes 3.5.1 that allows remote attackers to view sensitive patient information without the expected privilege level...