Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openmrs vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2020-24621
A remote code execution (RCE) vulnerability exists in the htmlformentry (aka HTML Form Entry) module prior to 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and execut...
Openmrs Htmlformentry
4.3
CVSSv2
CVE-2020-5728
OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). There is insufficient validation for this parameter, which allows for the possibility of cross-site scripting.
Openmrs Openmrs
4.3
CVSSv2
CVE-2020-5729
In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. Any page that is able to trigger a UI Framework Error is susceptible to this issue.
Openmrs Openmrs
4.3
CVSSv2
CVE-2020-5730
In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting.
Openmrs Openmrs
4.3
CVSSv2
CVE-2020-5731
In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting.
Openmrs Openmrs
5.8
CVSSv2
CVE-2020-5732
In OpenMRS 2.9 and prior, he import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows unauthenticated users to use a feature typically restricted to administrators.
Openmrs Openmrs
5.8
CVSSv2
CVE-2020-5733
In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows the export of potentially sensitive information.
Openmrs Openmrs
7.5
CVSSv2
CVE-2013-7285
Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote malicious user to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON.
Xstream Project Xstream
Xstream Project Xstream 1.4.10
1 EDB exploit
4 Github repositories
7.5
CVSSv2
CVE-2017-12795
OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation).
Openmrs Openmrs-module-htmlformentry 3.3.2
10
CVSSv2
CVE-2018-19276
OpenMRS prior to 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.
Openmrs Openmrs
1 EDB exploit
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »