Open-emr Openemr

12 matches found

added 2023/05/27 10:15 p.m., 89 views

CVE-2023-2945

Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.

CVSS 5.4, AI score 4.9, EPSS 0.00175

added 2022/03/25 9:15 p.m., 70 views

CVE-2022-24643

A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0.

CVSS 5.4, AI score 5.2, EPSS 0.01559

added 2022/03/30 12:15 p.m., 68 views

CVE-2022-1179

A non-privileged user can create a new rule, leading to stored cross-site scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

CVSS 5.4, AI score 4.8, EPSS 0.50874

added 2022/08/09 12:15 p.m., 49 views

CVE-2022-2729

Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.

CVSS 5.4, AI score 5.3, EPSS 0.00977

added 2017/11/17 3:29 a.m., 43 views

CVE-2017-1000240

The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML.

CVSS 5.4, AI score 5.4, EPSS 0.00097

added 2021/03/22 8:15 p.m., 43 views

CVE-2021-25921

In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the Allergies section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit.

CVSS 5.4, AI score 5.2, EPSS 0.57066

added 2018/08/20 8:29 p.m., 41 views

CVE-2018-1000219

OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in the 'scan' parameter in line #41 of interface/fax/fax_view.php that could allow remote authenticated attackers to inject arbitrary web script or HTML. This attack appears to be exploitabl...

CVSS 5.4, AI score 5, EPSS 0.00059

added 2025/05/23 4:15 p.m., 40 views

CVE-2025-32967

OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrators from auditing critical actions. This weak...

CVSS 5.4, AI score 5.6, EPSS 0.00157

added 2015/07/05 1:59 a.m., 37 views

CVE-2015-4453

interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) interface/billing/sl_eob_searc...

CVSS 5, AI score 6.7, EPSS 0.40869

added 2018/08/20 8:29 p.m., 35 views

CVE-2018-1000218

OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in the 'file' parameter in line #43 of interface/fax/fax_view.php that could allow remote authenticated attackers to inject arbitrary web script or HTML. This attack appears to be exploitabl...

CVSS 5.4, AI score 5, EPSS 0.0002

added 2023/02/22 9:15 p.m., 32 views

CVE-2023-22972

A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR

CVSS 5.4, AI score 5, EPSS 0.00069

added 2019/05/17 4:29 p.m., 29 views

CVE-2018-17180

An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Traversal exists via docid=../ to /portal/lib/download_template.php.

CVSS 5.3, AI score 5.6, EPSS 0.00098