76 matches found

CVE
•added 2018/04/30 5:29 p.m.•182 views

CVE-2018-10571

Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) patient parameter to interface/main/finder/finder_navigation.php; (2) key parameter to interface/billing/get_claim_file.php; (3) formid or ...

CVSS 6.1 • AI score 6.2 • EPSS 0.00141
Web
CVE
•added 2018/08/15 5:29 p.m.•151 views

CVE-2018-15153

OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemon_frame.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php.

CVSS 8.8 • AI score 8.9 • EPSS 0.72903
In wild • Web
CVE
•added 2019/08/13 2:15 p.m.•123 views

CVE-2019-14530

An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/def...

CVSS 8.8 • AI score 7.2 • EPSS 0.79098
Web
CVE
•added 2018/08/13 6:29 p.m.•121 views

CVE-2018-15139

Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory.

CVSS 8.8 • AI score 8.6 • EPSS 0.80616
Web
CVE
•added 2023/05/08 5:15 a.m.•119 views

CVE-2023-2566

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.

CVSS 7.5 • AI score 5.2 • EPSS 0.0151
CVE
•added 2023/05/28 4:15 a.m.•115 views

CVE-2023-2949

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.

CVSS 8.3 • AI score 6.3 • EPSS 0.67701
CVE
•added 2018/08/15 5:29 p.m.•103 views

CVE-2018-15152

Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_result...

CVSS 9.1 • AI score 9.1 • EPSS 0.09059
CVE
•added 2023/05/28 4:15 a.m.•102 views

CVE-2023-2948

Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.

CVSS 8.3 • AI score 6.3 • EPSS 0.80743
CVE
•added 2023/05/27 11:15 p.m.•101 views

CVE-2023-2947

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.

CVSS 4.8 • AI score 4.7 • EPSS 0.19854
CVE
•added 2023/05/28 4:15 a.m.•95 views

CVE-2023-2950

Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.

CVSS 8.1 • AI score 7.1 • EPSS 0.00336
CVE
•added 2023/05/27 10:15 p.m.•92 views

CVE-2023-2944

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.

CVSS 6.3 • AI score 5.6 • EPSS 0.0006
CVE
•added 2023/05/27 10:15 p.m.•91 views

CVE-2023-2943

Code Injection in GitHub repository openemr/openemr prior to 7.0.1.

CVSS 8.8 • AI score 6.8 • EPSS 0.00118
CVE
•added 2023/05/27 10:15 p.m.•90 views

CVE-2023-2945

Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.

CVSS 5.4 • AI score 4.9 • EPSS 0.00238
CVE
•added 2023/05/27 11:15 p.m.•89 views

CVE-2023-2946

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.

CVSS 8.1 • AI score 7.1 • EPSS 0.00063
CVE
•added 2024/02/28 10:15 p.m.•88 views

CVE-2024-26476

An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component.

CVSS 3.5 • AI score 6.9 • EPSS 0.00045
CVE
•added 2022/03/30 11:15 a.m.•83 views

CVE-2022-1177

Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.

CVSS 6.5 • AI score 4.8 • EPSS 0.03305
CVE
•added 2022/03/30 12:15 p.m.•73 views

CVE-2022-1181

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2.

CVSS 8 • AI score 5.6 • EPSS 0.28185
CVE
•added 2022/04/25 11:15 a.m.•71 views

CVE-2022-1461

Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1.

CVSS 8.1 • AI score 6.8 • EPSS 0.01648
CVE
•added 2022/03/30 12:15 p.m.•70 views

CVE-2022-1179

Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

CVSS 5.4 • AI score 4.8 • EPSS 0.50874
CVE
•added 2022/03/30 12:15 p.m.•69 views

CVE-2022-1180

Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

CVSS 4.6 • AI score 3.8 • EPSS 0.18525
CVE
•added 2022/04/25 10:15 a.m.•66 views

CVE-2022-1459

Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1.

CVSS 8.3 • AI score 8.3 • EPSS 0.00473
CVE
•added 2023/02/22 9:15 p.m.•66 views

CVE-2023-22974

A Path Traversal in setup.php in OpenEMR

CVSS 7.5 • AI score 7.3 • EPSS 0.03053
CVE
•added 2017/11/04 7:29 p.m.•65 views

CVE-2017-16540

OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter.

CVSS 7.5 • AI score 7.3 • EPSS 0.00334
Web
CVE
•added 2022/04/25 10:15 a.m.•65 views

CVE-2022-1458

Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1.

CVSS 7.3 • AI score 5.5 • EPSS 0.10429
CVE
•added 2018/08/13 6:29 p.m.•64 views

CVE-2018-15142

Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters and accessing it in the traversed direct...

CVSS 8.8 • AI score 8.7 • EPSS 0.023
Web
CVE
•added 2022/03/30 12:15 p.m.•63 views

CVE-2022-1178

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

CVSS 7.3 • AI score 5.5 • EPSS 0.24476
CVE
•added 2022/08/09 12:15 p.m.•59 views

CVE-2022-2732

Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.

CVSS 8.3 • AI score 8.3 • EPSS 0.00329
CVE
•added 2025/03/25 9:15 p.m.•59 views

CVE-2025-29789

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue.

CVSS 7.5 • AI score 7.3 • EPSS 0.0008
CVE
•added 2025/03/31 5:15 p.m.•59 views

CVE-2025-31117

OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauthorized requests to external or internal reso...

CVSS 7.5 • AI score 6.3 • EPSS 0.00214
CVE
•added 2022/07/22 4:15 a.m.•56 views

CVE-2022-2493

Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.

CVSS 8.3 • AI score 8.1 • EPSS 0.00451
CVE
•added 2018/08/13 6:29 p.m.•55 views

CVE-2018-15140

Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get.

CVSS 6.5 • AI score 6.7 • EPSS 0.0202
Web
CVE
•added 2018/08/13 6:29 p.m.•55 views

CVE-2018-15141

Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete.

CVSS 6.5 • AI score 7.2 • EPSS 0.02037
Web
CVE
•added 2022/12/15 1:15 a.m.•55 views

CVE-2022-4503

Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2.

CVSS 6.4 • AI score 6 • EPSS 0.00413
CVE
•added 2022/12/15 1:15 a.m.•55 views

CVE-2022-4506

Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.

CVSS 8.8 • AI score 8.2 • EPSS 0.00045
CVE
•added 2023/02/22 9:15 p.m.•55 views

CVE-2023-22973

A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR

CVSS 8.8 • AI score 8.4 • EPSS 0.01419
Web
CVE
•added 2022/08/09 12:15 p.m.•52 views

CVE-2022-2729

Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.

CVSS 5.4 • AI score 5.3 • EPSS 0.03478
CVE
•added 2022/08/09 12:15 p.m.•52 views

CVE-2022-2731

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.

CVSS 6.1 • AI score 5.7 • EPSS 0.01508
CVE
•added 2022/12/17 6:15 a.m.•52 views

CVE-2022-4567

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.

CVSS 8.1 • AI score 8.1 • EPSS 0.00064
CVE
•added 2018/08/13 6:29 p.m.•51 views

CVE-2018-15143

Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) catid or (2) providerid parameter.

CVSS 9.8 • AI score 10 • EPSS 0.00017
Web
CVE
•added 2022/08/09 12:15 p.m.•51 views

CVE-2022-2733

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.

CVSS 9.6 • AI score 6.3 • EPSS 0.88186
CVE
•added 2022/12/19 8:15 p.m.•50 views

CVE-2022-4615

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.

CVSS 8.3 • AI score 6.3 • EPSS 0.00696
CVE
•added 2022/08/09 12:15 p.m.•49 views

CVE-2022-2730

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.

CVSS 6.5 • AI score 6.5 • EPSS 0.00177
CVE
•added 2022/12/15 1:15 a.m.•49 views

CVE-2022-4504

Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2.

CVSS 7.5 • AI score 7.2 • EPSS 0.00168
CVE
•added 2022/12/15 1:15 a.m.•47 views

CVE-2022-4505

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2.

CVSS 8.8 • AI score 5 • EPSS 0.00107
CVE
•added 2022/07/22 4:15 a.m.•45 views

CVE-2022-2494

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.

CVSS 6.3 • AI score 5.4 • EPSS 0.17865
CVE
•added 2025/03/31 4:15 p.m.•45 views

CVE-2025-30149

OpenEMR is a free and open source electronic health records and medical practice management application. OpenEMR allows reflected cross-site scripting (XSS) in the AJAX Script interface\super\layout_listitems_ajax.php via the target parameter. This vulnerability is fixed in 7.0.3.

CVSS 6.4 • AI score 5.9 • EPSS 0.00126
CVE
•added 2022/08/15 4:15 p.m.•44 views

CVE-2022-2824

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.

CVSS 8.8 • AI score 5.9 • EPSS 0.00514
CVE
•added 2025/03/31 4:15 p.m.•44 views

CVE-2025-29772

OpenEMR is a free and open source electronic health records and medical practice management application. The POST parameter hidden_subcategory is output to the page without being properly processed. This leads to a reflected cross-site scripting (XSS) vulnerability in CAMOS new.php. This vulnerabi...

CVSS 7.2 • AI score 5.8 • EPSS 0.00143
CVE
•added 2025/04/01 3:16 p.m.•44 views

CVE-2025-31121

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 7.0.3.1, the Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. This vulnerability is fixed in 7.0.3.1.

CVSS 7 • AI score 6.3 • EPSS 0.00219
CVE
•added 2025/05/23 4:15 p.m.•44 views

CVE-2025-43860

OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into...

CVSS 7.6 • AI score 6.8 • EPSS 0.00399

Total number of security vulnerabilities: 76