Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openemr openemr vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2018-15156
OS command injection occurring in versions of OpenEMR prior to 5.0.1.4 allows a remote authenticated malicious user to execute arbitrary commands by making a crafted request to interface/fax/faxq.php after modifying the "hylafax_server" global variable in interface/supe...
Open-emr Openemr
356
VMScore
CVE-2022-1177
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr before 6.1.0.
Open-emr Openemr
312
VMScore
CVE-2022-1178
Stored Cross Site Scripting in GitHub repository openemr/openemr before 6.0.0.4.
Open-emr Openemr
312
VMScore
CVE-2022-1179
Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr before 6.0.0.4.
Open-emr Openemr
312
VMScore
CVE-2022-1180
Reflected Cross Site Scripting in GitHub repository openemr/openemr before 6.0.0.4.
Open-emr Openemr
312
VMScore
CVE-2022-1181
Stored Cross Site Scripting in GitHub repository openemr/openemr before 6.0.0.2.
Open-emr Openemr
605
VMScore
CVE-2021-25923
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account takeover.
Open-emr Openemr
NA
CVE-2022-2729
Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr before 7.0.0.1.
Open-emr Openemr
NA
CVE-2022-2732
Missing Authorization in GitHub repository openemr/openemr before 7.0.0.1.
Open-emr Openemr
NA
CVE-2022-2493
Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr before 7.0.0.
Open-emr Openemr
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »