Vulmon
open-emr openemr vulnerabilities and exploits
8.1
CVSSv3
CVE-2022-4567
Improper Access Control in GitHub repository openemr/openemr before 7.0.0.2.
Open-emr Openemr
8.8
CVSSv3
CVE-2023-22973
A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.
Open-emr Openemr
7.5
CVSSv3
CVE-2023-22974
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.
Open-emr Openemr
1 Github repository
6.1
CVSSv3
CVE-2019-3963
In OpenEMR 5.0.1 and previous versions, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow a malicious user to execute arbitrary code in the context of a user's session.
Open-emr Openemr
6.1
CVSSv3
CVE-2019-3964
In OpenEMR 5.0.1 and previous versions, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow a malicious user to execute arbitrary code in the context of a user's session.
Open-emr Openemr
6.1
CVSSv3
CVE-2019-3965
In OpenEMR 5.0.1 and previous versions, controller.php contains a reflected XSS vulnerability in the document_id parameter. This could allow a malicious user to execute arbitrary code in the context of a user's session.
Open-emr Openemr
6.1
CVSSv3
CVE-2019-3966
In OpenEMR 5.0.1 and previous versions, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. This could allow a malicious user to execute arbitrary code in the context of a user's session.
Open-emr Openemr
6.5
CVSSv3
CVE-2019-3967
In OpenEMR 5.0.1 and previous versions, the patient file download interface contains a directory traversal flaw that allows authenticated malicious users to download arbitrary files from the host system.
Open-emr Openemr
8.8
CVSSv3
CVE-2019-3968
In OpenEMR 5.0.1 and previous versions, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form.
Open-emr Openemr
8.8
CVSSv3
CVE-2020-13569
A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the vic...
Open-emr Openemr 5.0.2