Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openemr openemr vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-13567
Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.
Open-emr Openemr 5.0.2
Phpgacl Project Phpgacl 3.3.7
Open-emr Openemr 6.0.0
5.4
CVSSv3
CVE-2023-22972
A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI.
Open-emr Openemr
5.4
CVSSv3
CVE-2021-25921
In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit.
Open-emr Openemr
6.1
CVSSv3
CVE-2019-17409
Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x prior to 5.0.2.1 ia the id parameter.
Open-emr Openemr
7.2
CVSSv3
CVE-2020-29139
A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR prior to 5.0.2.5 allows a remote authenticated malicious user to execute arbitrary SQL commands via the searchFields parameter.
Open-emr Openemr
7.2
CVSSv3
CVE-2020-29140
A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR prior to 5.0.2.5 allows a remote authenticated malicious user to execute arbitrary SQL commands via the form_code parameter.
Open-emr Openemr
7.2
CVSSv3
CVE-2020-29143
A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR prior to 5.0.2.5 allows a remote authenticated malicious user to execute arbitrary SQL commands via the form_code parameter.
Open-emr Openemr
4.8
CVSSv3
CVE-2021-32103
A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR prior to 5.0.2.1 allows a admin authenticated user to inject arbitrary web script or HTML via the lname parameter.
Open-emr Openemr
4.8
CVSSv3
CVE-2022-4733
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr before 7.0.0.2.
Open-emr Openemr
6.1
CVSSv3
CVE-2019-3963
In OpenEMR 5.0.1 and previous versions, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an malicious user to execute arbitrary code in the context of a user's session.
Open-emr Openemr
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »