Lucene search
K

110 matches found

Cvelist
Cvelist
added 2026/06/09 10:50 p.m.41 views

CVE-2026-46518 OpenEMR: Stored XSS in prescription CSS/HTML print view via patient demographics

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...

7.7CVSS0.00208EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/09 10:50 p.m.10 views

EUVD-2026-35869

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...

7.7CVSS5.5AI score0.00208EPSS
Exploits1References1
CVE
CVE
added 2026/06/09 10:50 p.m.27 views

CVE-2026-46518

OpenEMR vulnerability CVE-2026-46518: a stored XSS in the prescription CSS/HTML multi-print feature affects OpenEMR prior to version 8.0.0.1. A patient portal user can inject attacker-controlled HTML into patient_data via PUT /api/patient/:num and trigger JavaScript execution in a clinician’s bro...

8.7CVSS5.5AI score0.00208EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.4 views

CVE-2026-34056

OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks...

7.7CVSS5.8AI score0.00271EPSS
Exploits1References1
NVD
NVD
added 2026/03/11 9:16 p.m.6 views

CVE-2026-32121

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo. This finding involves...

7.7CVSS0.00191EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/11 8:47 p.m.4 views

EUVD-2026-11389

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo. This finding involves...

7.7CVSS5.8AI score0.00191EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.6 views

OpenEMR 跨站脚本漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.1 contained a cross-site...

7.7CVSS5.7AI score0.00191EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/26 10:35 p.m.6 views

CVE-2026-25746

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in...

8.8CVSS5.8AI score0.03101EPSS
Exploits2References1
NVD
NVD
added 2026/02/25 7:43 p.m.21 views

CVE-2026-25746

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in...

8.8CVSS0.03101EPSS
Exploits2References7
EUVD
EUVD
added 2026/02/25 6:39 p.m.5 views

EUVD-2026-8714

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in...

8.8CVSS5.8AI score0.03101EPSS
Exploits2References7
Cvelist
Cvelist
added 2026/02/25 6:39 p.m.34 views

CVE-2026-25746 OpenEMR has SQL Injection Vulnerability

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in...

8.8CVSS0.03101EPSS
Exploits2References7
CVE
CVE
added 2026/02/25 6:39 p.m.15 views

CVE-2026-25746

CVE-2026-25746 (OpenEMR) affects OpenEMR versions prior to 8.0.0, where a SQL injection vulnerability exists in the prescription listing functionality due to insufficient input validation in the code path that builds the prescriptions query (Prescription.class.php and C_Prescription.list_action)....

8.8CVSS5.8AI score0.03101EPSS
Exploits2References7Affected Software1
OSV
OSV
added 2026/02/25 6:39 p.m.4 views

CVE-2026-25746 OpenEMR has SQL Injection Vulnerability

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in...

8.8CVSS5.9AI score0.03101EPSS
Exploits2References9
ATTACKERKB
ATTACKERKB
added 2026/02/25 6:39 p.m.4 views

CVE-2026-25746

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in...

8.8CVSS5.9AI score0.03101EPSS
Exploits2References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.8 views

PT-2026-21981

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 8.0.0 Description OpenEMR is an electronic health records and medical practice management application. Insufficient input validation in the prescription listing functionality allows authenticated attackers to exploit ...

8.8CVSS5.5AI score0.03101EPSS
Exploits2References13
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.12 views

OpenEMR SQL注入漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 had a SQL injection...

8.8CVSS5.8AI score0.03101EPSS
Exploits2References7
GithubExploit
GithubExploit
added 2026/02/03 2:41 p.m.126 views

Exploit for CVE-2026-25746

CVE-2026-25746 - SQL Injection Vulnerability in OpenEMR Weak...

8.8CVSS6.6AI score0.03101EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/01/07 9:19 a.m.9 views

CVE-2024-2317

A vulnerability was found in Bdtask Hospital AutoManager up to 20240227 and classified as problematic. This issue affects some unknown processing of the file /prescription/prescription/delete/ of the component Prescription Page. The manipulation leads to improper authorization. The attack may be...

9.1CVSS9.3AI score0.00838EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:19 a.m.6 views

CVE-2024-2276

A vulnerability has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Venuecontroller/editvenue/ of the component Edit Venue Page. The manipulation of the argument...

6.1CVSS6AI score0.00488EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:13 a.m.8 views

CVE-2024-2277

A vulnerability was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Setting/changepasswordsave of the component Password Reset Handler. The manipulation leads to cross-site...

5CVSS6.7AI score0.00331EPSS
Exploits1References1
Rows per page
Query Builder