Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openemr vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-14529
OpenEMR prior to 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.
Open-emr Openemr
1 Github repository
4.3
CVSSv2
CVE-2018-10571
Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR prior to 5.0.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) patient parameter to interface/main/finder/finder_navigation.php; (2) key parameter to interface/billing/get_cla...
Open-emr Openemr
5.5
CVSSv2
CVE-2018-10572
interface/patient_file/letter.php in OpenEMR prior to 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters.
Open-emr Openemr
6.5
CVSSv2
CVE-2018-10573
interface/fax/fax_dispatch.php in OpenEMR prior to 5.0.1 allows remote authenticated users to bypass intended access restrictions via the scan parameter.
Open-emr Openemr
6.5
CVSSv2
CVE-2017-1000241
The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by vertical privilege escalation vulnerability. This vulnerability can allow an authenticated non-administrator users to view and modify information only accessible to administrators.
Open-emr Openemr
7.5
CVSSv2
CVE-2019-17197
OpenEMR up to and including 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc.
Open-emr Openemr
NA
CVE-2022-4733
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr before 7.0.0.2.
Open-emr Openemr
4.3
CVSSv2
CVE-2019-3963
In OpenEMR 5.0.1 and previous versions, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an malicious user to execute arbitrary code in the context of a user's session.
Open-emr Openemr
4.3
CVSSv2
CVE-2019-3964
In OpenEMR 5.0.1 and previous versions, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an malicious user to execute arbitrary code in the context of a user's session.
Open-emr Openemr
4.3
CVSSv2
CVE-2019-3965
In OpenEMR 5.0.1 and previous versions, controller.php contains a reflected XSS vulnerability in the document_id parameter. This could allow an malicious user to execute arbitrary code in the context of a user's session.
Open-emr Openemr
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »