Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openemr openemr vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2017-9380
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
Open-emr Openemr
NA
CVE-2022-4567
Improper Access Control in GitHub repository openemr/openemr before 7.0.0.2.
Open-emr Openemr
NA
CVE-2022-4615
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr before 7.0.0.2.
Open-emr Openemr
312
VMScore
CVE-2021-25917
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A highly privileged attacker could inject arbitrary code into input fields when cr...
Open-emr Openemr
312
VMScore
CVE-2021-25918
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the TOTP Authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a n...
Open-emr Openemr
312
VMScore
CVE-2021-25919
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.
Open-emr Openemr
490
VMScore
CVE-2021-25920
In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the victim user.
Open-emr Openemr
312
VMScore
CVE-2021-25921
In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit.
Open-emr Openemr
383
VMScore
CVE-2021-25922
In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly. An attacker could trick a user to click on a malicious url and execute malicious code.
Open-emr Openemr
NA
CVE-2022-2494
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr before 7.0.0.
Open-emr Openemr
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »