Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-emr vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-15155
OS command injection occurring in versions of OpenEMR prior to 5.0.1.4 allows a remote authenticated malicious user to execute arbitrary commands by making a crafted request to interface/fax/fax_dispatch.php after modifying the "hylafax_enscript" global variable in inte...
Open-emr Openemr
5.4
CVSSv3
CVE-2022-1458
Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr before 6.1.0.1.
Open-emr Openemr
8.3
CVSSv3
CVE-2022-1459
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr before 6.1.0.1.
Open-emr Openemr
6.5
CVSSv3
CVE-2022-1461
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr before 6.1.0.1.
Open-emr Openemr
6.1
CVSSv3
CVE-2018-10571
Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR prior to 5.0.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) patient parameter to interface/main/finder/finder_navigation.php; (2) key parameter to interface/billing/get_cla...
Open-emr Openemr
8.8
CVSSv3
CVE-2018-10573
interface/fax/fax_dispatch.php in OpenEMR prior to 5.0.1 allows remote authenticated users to bypass intended access restrictions via the scan parameter.
Open-emr Openemr
5.4
CVSSv3
CVE-2022-2824
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr before 7.0.0.1.
Open-emr Openemr
6.5
CVSSv3
CVE-2018-10572
interface/patient_file/letter.php in OpenEMR prior to 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters.
Open-emr Openemr
4.8
CVSSv3
CVE-2023-2566
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr before 7.0.1.
Open-emr Openemr
8.1
CVSSv3
CVE-2022-25471
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated malicious user to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register.
Open-emr Openemr 6.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »