CVE-2022-31494

LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS.

CVE-2022-31493

LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS.

CVE-2022-29940

In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities.

CVE-2022-31492

Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username.

CVE-2022-31498

LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS.

CVE-2022-29939

In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.

CVE-2022-31496

LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access.

CVE-2022-29938

In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.

CVE-2022-31497

LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS.

CVE-2022-31495

LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS.