Openemr Security Vulnerabilities and Issues — Openemr CVE List

Lucene search

Open-emrOpenemr

29 matches found

CVE•added 2022/03/30 11:15 a.m.•81 views

CVE-2022-1177

Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.

6.5CVSS4.8AI score0.03305EPSS

CVE•added 2022/03/23 10:15 p.m.•76 views

CVE-2022-25041

OpenEMR v6.0.0 was discovered to contain an incorrect access control issue.

4.3CVSS4.8AI score0.00369EPSS

CVE•added 2022/03/30 12:15 p.m.•72 views

CVE-2022-1181

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2.

8CVSS5.6AI score0.28185EPSS

CVE•added 2022/03/25 9:15 p.m.•70 views

CVE-2022-24643

A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0.

5.4CVSS5.2AI score0.01559EPSS

CVE•added 2022/04/25 11:15 a.m.•69 views

CVE-2022-1461

Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1.

8.1CVSS6.8AI score0.01648EPSS

CVE•added 2022/03/30 12:15 p.m.•68 views

CVE-2022-1179

Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

5.4CVSS4.8AI score0.50874EPSS

CVE•added 2022/03/30 12:15 p.m.•68 views

CVE-2022-1180

Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

4.6CVSS3.8AI score0.18525EPSS

CVE•added 2022/04/25 10:15 a.m.•65 views

CVE-2022-1459

Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1.

8.3CVSS8.3AI score0.00473EPSS

CVE•added 2022/04/25 10:15 a.m.•63 views

CVE-2022-1458

Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1.

7.3CVSS5.5AI score0.10429EPSS

CVE•added 2022/03/30 12:15 p.m.•61 views

CVE-2022-1178

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

7.3CVSS5.5AI score0.24476EPSS

CVE•added 2022/08/09 12:15 p.m.•58 views

CVE-2022-2732

Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.

8.3CVSS8.3AI score0.00079EPSS

CVE•added 2022/03/03 12:15 a.m.•56 views

CVE-2022-25471

An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register.

8.1CVSS7.7AI score0.01304EPSS

CVE•added 2022/07/22 4:15 a.m.•55 views

CVE-2022-2493

Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.

8.3CVSS8.1AI score0.00451EPSS

CVE•added 2022/12/15 1:15 a.m.•54 views

CVE-2022-4503

Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2.

6.4CVSS6AI score0.0033EPSS

CVE•added 2022/12/15 1:15 a.m.•54 views

CVE-2022-4506

Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.

8.8CVSS8.2AI score0.00036EPSS

CVE•added 2022/08/09 12:15 p.m.•50 views

CVE-2022-2731

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.

6.1CVSS5.7AI score0.00941EPSS

CVE•added 2022/12/17 6:15 a.m.•50 views

CVE-2022-4567

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.

8.1CVSS8.1AI score0.00051EPSS

CVE•added 2022/08/09 12:15 p.m.•49 views

CVE-2022-2729

Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.

5.4CVSS5.3AI score0.00977EPSS

CVE•added 2022/12/15 1:15 a.m.•48 views

CVE-2022-4504

Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2.

7.5CVSS7.2AI score0.00147EPSS

CVE•added 2022/12/19 8:15 p.m.•48 views

CVE-2022-4615

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.

8.3CVSS6.3AI score0.00611EPSS

CVE•added 2022/04/18 5:15 p.m.•47 views

CVE-2020-13567

Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.

9.8CVSS9.9AI score0.00054EPSS

CVE•added 2022/08/09 12:15 p.m.•47 views

CVE-2022-2730

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.

6.5CVSS6.5AI score0.00047EPSS

CVE•added 2022/08/09 12:15 p.m.•45 views

CVE-2022-2733

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.

9.6CVSS6.3AI score0.88054EPSS

CVE•added 2022/12/15 1:15 a.m.•45 views

CVE-2022-4505

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2.

8.8CVSS5AI score0.00098EPSS

CVE•added 2022/07/22 4:15 a.m.•43 views

CVE-2022-2494

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.

6.3CVSS5.4AI score0.17865EPSS

CVE•added 2022/08/09 1:15 p.m.•42 views

CVE-2022-2734

Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.

10CVSS5.9AI score0.00663EPSS

CVE•added 2022/08/15 4:15 p.m.•42 views

CVE-2022-2824

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.

8.8CVSS5.9AI score0.0012EPSS

CVE•added 2022/12/15 1:15 a.m.•40 views

CVE-2022-4502

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.

7.3CVSS6.2AI score0.01926EPSS

CVE•added 2022/12/27 3:15 p.m.•27 views

CVE-2022-4733

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.

6.7CVSS5.1AI score0.0034EPSS