Vulmon
openmrs vulnerabilities and exploits
10
CVSSv2
CVE-2018-19276
OpenMRS prior to 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.
Openmrs Openmrs
1 EDB exploit
1 Github repository
10
CVSSv2
CVE-2017-12796
The Reporting Compatibility Add On prior to 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application prior to 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute o...
Openmrs Openmrs
7.5
CVSSv2
CVE-2021-43094
An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <=2.4.0 via GET requests on arbitrary parameters in patient.page.
Openmrs Openmrs
Openmrs Reference Application
7.5
CVSSv2
CVE-2013-7285
XStream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote malicious user to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format, e.g. JSON.
Xstream Project Xstream
Xstream Project Xstream 1.4.10
1 EDB exploit
4 Github repositories
7.5
CVSSv2
CVE-2017-12795
OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation).
Openmrs Openmrs-module-htmlformentry 3.3.2
7.5
CVSSv2
CVE-2018-16521
An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0.
Openmrs Html Form Entry 3.7.0
Openmrs Reference Application 2.8.0
6.8
CVSSv2
CVE-2017-7990
The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp.
Openmrs Openmrs Module Reporting 1.12.0
6.8
CVSSv2
CVE-2014-8073
Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote malicious users to hijack the authentication of administrators for requests that add a new user via a Save User action to admin/users/user.form.
Openmrs Openmrs 2.1
6.5
CVSSv2
CVE-2020-24621
A remote code execution (RCE) vulnerability exists in the htmlformentry (aka HTML Form Entry) module prior to 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and execut...
Openmrs Htmlformentry
5.8
CVSSv2
CVE-2020-5732
In OpenMRS 2.9 and prior, the import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows unauthenticated users to use a feature typically restricted to administrators.
Openmrs Openmrs