Lucene search
+L

5 matches found

Cvelist
Cvelist
added 2026/03/25 11:46 p.m.28 views

CVE-2026-34053 OpenEMR Missing Authorization in Procedure Order AJAX Deletion Handler

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint interface/forms/procedureorder/handledeletions.php allows any authenticated user, regardless of role, to...

7.1CVSS0.00415EPSS
Exploits1References3
CVE
CVE
added 2026/03/25 10:30 p.m.31 views

CVE-2026-33348

OpenEMR has a stored XSS vulnerability in the Eye Exam form answers for the Notes - my encounters role. Versions prior to 8.0.0.3 allow an authenticated attacker with that role to inject arbitrary JavaScript via form answers, which is executed when other users view the form answers on encounter p...

8.7CVSS5.8AI score0.00296EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/25 10:27 p.m.2 views

CVE-2026-32120 OpenEMR has IDOR in Fee Sheet Product Save

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the fee sheet product save logic library/FeeSheet.class.php allows any authenticated user with fee sheet ACL...

6.5CVSS6AI score0.00254EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/25 10:24 p.m.1 views

CVE-2026-29187 OpenEMR Vulnerable to Authenticated Blind Boolean-Based SQL Injection in new_search_popup.php

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a Blind SQL Injection vulnerability exists in the Patient Search functionality /interface/new/newsearchpopup.php. The vulnerability allows an authenticated attacker t...

8.1CVSS6.2AI score0.00473EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.6 views

PT-2026-28142

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 8.0.0.3 Description OpenEMR is an electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could create a malicious form. When submitted by a victim,...

5.4CVSS5.9AI score0.00219EPSS
Exploits0References6
Rows per page
Query Builder