Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-emr openemr vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-2729
Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr before 7.0.0.1.
Open-emr Openemr
NA
CVE-2022-2730
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr before 7.0.0.1.
Open-emr Openemr
NA
CVE-2022-2733
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr before 7.0.0.1.
Open-emr Openemr
NA
CVE-2022-2734
Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr before 7.0.0.1.
Open-emr Openemr
578
VMScore
CVE-2020-29140
A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR prior to 5.0.2.5 allows a remote authenticated malicious user to execute arbitrary SQL commands via the form_code parameter.
Open-emr Openemr
383
VMScore
CVE-2019-16862
Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x prior to 5.0.2.1 allows a remote malicious user to execute arbitrary code in the context of a user's session via the pid parameter.
Open-emr Openemr
383
VMScore
CVE-2019-17409
Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x prior to 5.0.2.1 ia the id parameter.
Open-emr Openemr
445
VMScore
CVE-2017-16540
OpenEMR prior to 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter.
Open-emr Openemr
578
VMScore
CVE-2018-15139
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR prior to 5.0.1.4 allows a remote authenticated malicious user to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images ...
Open-emr Openemr
1 Github repository
405
VMScore
CVE-2018-15140
Directory traversal in portal/import_template.php in versions of OpenEMR prior to 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get.
Open-emr Openemr
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »