Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-emr vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-17181
An issue exists in OpenEMR prior to 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php.
Open-emr Openemr
6.1
CVSSv3
CVE-2022-4502
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr before 7.0.0.2.
Open-emr Openemr
6.1
CVSSv3
CVE-2022-4503
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr before 7.0.0.2.
Open-emr Openemr
7.5
CVSSv3
CVE-2022-4504
Improper Input Validation in GitHub repository openemr/openemr before 7.0.0.2.
Open-emr Openemr
4.3
CVSSv3
CVE-2022-4505
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr before 7.0.0.2.
Open-emr Openemr
6.5
CVSSv3
CVE-2018-15141
Directory traversal in portal/import_template.php in versions of OpenEMR prior to 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete.
Open-emr Openemr
1 EDB exploit
8.8
CVSSv3
CVE-2018-9250
interface\super\edit_list.php in OpenEMR before v5_0_1_1 allows remote authenticated users to execute arbitrary SQL commands via the newlistname parameter.
Open-emr Openemr
8.1
CVSSv3
CVE-2023-2942
Improper Input Validation in GitHub repository openemr/openemr before 7.0.1.
Open-emr Openemr
8.8
CVSSv3
CVE-2023-2943
Code Injection in GitHub repository openemr/openemr before 7.0.1.
Open-emr Openemr
6.1
CVSSv3
CVE-2018-18035
A vulnerability in flashcanvas.swf in OpenEMR prior to 5.0.1 Patch 6 could allow an unauthenticated, remote malicious user to conduct a cross-site scripting (XSS) attack on a targeted system.
Open-emr Openemr
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »