Openemr@5.0.0 Security Vulnerabilities and Issues — Openemr@5.0.0 CVE List

Lucene search

Open-emrOpenemr5.0.0

3 matches found

CVE•added 2018/02/09 11:29 p.m.•60 views

CVE-2018-1000020

OpenEMR version 5.0.0 contains a Cross Site Scripting (XSS) vulnerability in open-flash-chart.swf and _posteddata.php that can result in . This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher.

6.1CVSS6.2AI score0.0386EPSS

CVE•added 2017/08/01 5:29 a.m.•44 views

CVE-2017-12064

The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior allows attackers to bypass intended access restrictions via a crafted name.

7.5CVSS7.5AI score0.00593EPSS

CVE•added 2018/02/09 11:29 p.m.•44 views

CVE-2018-1000019

OpenEMR version 5.0.0 contains a OS Command Injection vulnerability in fax_dispatch.php that can result in OS command injection by an authenticated attacker with any role. This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher.

9CVSS7.8AI score0.29309EPSS