Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-emr vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-3963
In OpenEMR 5.0.1 and previous versions, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an malicious user to execute arbitrary code in the context of a user's session.
Open-emr Openemr
4.3
CVSSv2
CVE-2019-3964
In OpenEMR 5.0.1 and previous versions, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an malicious user to execute arbitrary code in the context of a user's session.
Open-emr Openemr
4.3
CVSSv2
CVE-2019-3965
In OpenEMR 5.0.1 and previous versions, controller.php contains a reflected XSS vulnerability in the document_id parameter. This could allow an malicious user to execute arbitrary code in the context of a user's session.
Open-emr Openemr
4.3
CVSSv2
CVE-2019-3966
In OpenEMR 5.0.1 and previous versions, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. This could allow an malicious user to execute arbitrary code in the context of a user's session.
Open-emr Openemr
4
CVSSv2
CVE-2019-3967
In OpenEMR 5.0.1 and previous versions, the patient file download interface contains a directory traversal flaw that allows authenticated malicious users to download arbitrary files from the host system.
Open-emr Openemr
9
CVSSv2
CVE-2019-3968
In OpenEMR 5.0.1 and previous versions, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form.
Open-emr Openemr
NA
CVE-2023-2946
Improper Access Control in GitHub repository openemr/openemr before 7.0.1.
Open-emr Openemr
7.5
CVSSv2
CVE-2019-14529
OpenEMR prior to 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.
Open-emr Openemr
1 Github repository
NA
CVE-2022-4502
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr before 7.0.0.2.
Open-emr Openemr
6
CVSSv2
CVE-2019-14530
An issue exists in custom/ajax_download.php in OpenEMR prior to 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/open...
Open-emr Openemr
3 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »