Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openemr vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-2494
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr before 7.0.0.
Open-emr Openemr
5.4
CVSSv3
CVE-2023-22972
A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI.
Open-emr Openemr
8.8
CVSSv3
CVE-2023-22973
A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.
Open-emr Openemr
7.5
CVSSv3
CVE-2023-22974
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.
Open-emr Openemr
1 Github repository
5.4
CVSSv3
CVE-2022-2824
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr before 7.0.0.1.
Open-emr Openemr
4.8
CVSSv3
CVE-2022-4733
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr before 7.0.0.2.
Open-emr Openemr
7.2
CVSSv3
CVE-2020-29139
A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR prior to 5.0.2.5 allows a remote authenticated malicious user to execute arbitrary SQL commands via the searchFields parameter.
Open-emr Openemr
7.2
CVSSv3
CVE-2020-29140
A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR prior to 5.0.2.5 allows a remote authenticated malicious user to execute arbitrary SQL commands via the form_code parameter.
Open-emr Openemr
7.2
CVSSv3
CVE-2020-29142
A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR prior to 5.0.2.5 allows a remote authenticated malicious user to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings.
Open-emr Openemr
7.2
CVSSv3
CVE-2020-29143
A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR prior to 5.0.2.5 allows a remote authenticated malicious user to execute arbitrary SQL commands via the form_code parameter.
Open-emr Openemr
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »