Lucene search
K

14 matches found

EUVD
EUVD
added 2026/03/25 11:36 p.m.6 views

EUVD-2026-16036

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...

6.5CVSS5.8AI score0.00351EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/25 11:36 p.m.3 views

CVE-2026-33931

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...

6.5CVSS5.8AI score0.00351EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/25 11:36 p.m.6 views

CVE-2026-33931 OpenEMR has IDOR in Portal Payment Page that Allows Cross-Patient Record Access

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...

6.5CVSS5.8AI score0.00351EPSS
Exploits1References3
OSV
OSV
added 2026/03/25 11:36 p.m.3 views

CVE-2026-33931 OpenEMR has IDOR in Portal Payment Page that Allows Cross-Patient Record Access

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...

6.5CVSS5.9AI score0.00351EPSS
Exploits1References5
CVE
CVE
added 2026/03/25 11:36 p.m.19 views

CVE-2026-33931

Vulnerability summary (CVE-2026-33931) : OpenEMR prior to version 8.0.0.3 contains an insecure direct object reference (IDOR) in the patient portal payment page. By manipulating the recid parameter in portal/portal_payment.php, any authenticated portal patient could access other patients’ payment...

6.5CVSS5.8AI score0.00351EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/03/19 9:17 p.m.6 views

CVE-2026-33346

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, a stored cross-site scripting XSS vulnerability in the patient portal payment flow allows a patient portal user to persist arbitrary JavaScript that executes in the browser o...

8.7CVSS0.00322EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/19 8:33 p.m.20 views

CVE-2026-33346 OpenEMR has stored XSS in portal_payment.php via Unescaped table_args

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, a stored cross-site scripting XSS vulnerability in the patient portal payment flow allows a patient portal user to persist arbitrary JavaScript that executes in the browser o...

8.7CVSS0.00322EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/19 8:33 p.m.4 views

CVE-2026-33346 OpenEMR has stored XSS in portal_payment.php via Unescaped table_args

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, a stored cross-site scripting XSS vulnerability in the patient portal payment flow allows a patient portal user to persist arbitrary JavaScript that executes in the browser o...

8.7CVSS5.7AI score0.00322EPSS
Exploits1References2
CVE
CVE
added 2026/03/19 8:33 p.m.8 views

CVE-2026-33346

OpenEMR (website: per CVE-2026-33346) has a stored XSS in the patient portal payment flow prior to version 8.0.0.2. The payload is stored via portal/lib/paylib.php and rendered unescaped in portal/portal_payment.php, enabling arbitrary JavaScript to execute in a staff member’s browser when review...

8.7CVSS5.7AI score0.00322EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 4:44 p.m.5 views

CVE-2026-25147 OpenEMR's Portal Payment Endpoint Trusts User-Controlled pid

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request $pid = $REQUEST'pid' ?? $pid and $pid = $REQUEST'hiddenpatientcode' ?? null 0 ?...

7.1CVSS5.9AI score0.0022EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/27 4:44 p.m.21 views

CVE-2026-25147 OpenEMR's Portal Payment Endpoint Trusts User-Controlled pid

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request $pid = $REQUEST'pid' ?? $pid and $pid = $REQUEST'hiddenpatientcode' ?? null 0 ?...

7.1CVSS0.0022EPSS
Exploits1References2
OSV
OSV
added 2026/02/27 4:44 p.m.3 views

CVE-2026-25147 OpenEMR's Portal Payment Endpoint Trusts User-Controlled pid

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request $pid = $REQUEST'pid' ?? $pid and $pid = $REQUEST'hiddenpatientcode' ?? null 0 ?...

7.1CVSS5.9AI score0.0022EPSS
Exploits1References4
CVE
CVE
added 2026/02/27 4:44 p.m.14 views

CVE-2026-25147

OpenEMR CVE-2026-25147 affects the portal payment flow. In versions prior to 8.0.0, portal_payment.php takes the target patient id from the HTTP request (pid from $_REQUEST and hidden_patient_code) rather than the authenticated portal user’s pid. This allows a logged-in portal user to overwrite t...

7.1CVSS5.9AI score0.0022EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.10 views

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained security...

7.1CVSS5.8AI score0.0022EPSS
Exploits1References3
Rows per page
Query Builder