4 matches found
CVE-2021-43094
CVE-2021-43094 is an SQL Injection vulnerability in the OpenMRS Reference Application Standalone Edition (≤2.11) and Platform Standalone Edition (≤2.4.0) that is exploitable via GET requests on arbitrary parameters in the patient.page. The cited sources consistently describe a SQL injection vulne...
CVE-2021-4288
The CVE-2021-4288 issue affects OpenMRS openmrs-module-referenceapplication up to version 2.11.x, with cross-site scripting stemming from how omod/src/main/webapp/pages/userApp.gsp is handled. The vulnerability can be exploited remotely, and upgrading to version 2.12.0 addresses the issue (patch:...
CVE-2021-4289
CVE-2021-4289 affects OpenMRS openmrs-module-referenceapplication up to version 2.11.x. The vulnerability lies in the post function of UserAppPageController.java (parameter AppId) enabling cross-site scripting and can be exploited remotely. A fix is available in OpenMRS referenceapplication 2.12....
CVE-2018-16521
The CVE-2018-16521 entry describes an XML External Entity (XXE) vulnerability affecting OpenMRS HTML Form Entry 3.7.0 as distributed in OpenMRS Reference Application 2.8.0. The connected records confirm the affected software and the XXE root cause but do not provide additional exploit details, af...