Vulmon
openmrs openmrs vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-43094
An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <=2.4.0 via GET requests on arbitrary parameters in patient.page.
Openmrs Openmrs
Openmrs Reference Application
9.8
CVSSv3
CVE-2013-7285
Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote malicious user to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format, e.g. JSON.
Xstream Project Xstream
Xstream Project Xstream 1.4.10
1 EDB exploit
4 Github repositories
9.8
CVSSv3
CVE-2017-12795
OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation).
Openmrs Openmrs-module-htmlformentry 3.3.2
9.8
CVSSv3
CVE-2018-19276
OpenMRS prior to 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.
Openmrs Openmrs
1 EDB exploit
1 Github repository
9.8
CVSSv3
CVE-2018-16521
An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0.
Openmrs Html Form Entry 3.7.0
Openmrs Reference Application 2.8.0
9.8
CVSSv3
CVE-2017-12796
The Reporting Compatibility Add On prior to 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application prior to 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute o...
Openmrs Openmrs
8.8
CVSSv3
CVE-2020-24621
A remote code execution (RCE) vulnerability exists in the htmlformentry (aka HTML Form Entry) module prior to 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and execut...
Openmrs Htmlformentry
8.8
CVSSv3
CVE-2017-7990
The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp.
Openmrs Openmrs Module Reporting 1.12.0
7.5
CVSSv3
CVE-2022-23612
OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET requests for `/images` & `/i...
Openmrs Openmrs
6.1
CVSSv3
CVE-2021-4291
A vulnerability was found in OpenMRS Admin UI Module up to 1.5.x. It has been declared as problematic. This vulnerability affects unknown code of the file omod/src/main/webapp/pages/metadata/locations/location.gsp. The manipulation leads to cross site scripting. The attack can be...
Openmrs Admin Ui Module