Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openemr vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-16404
Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR up to and including 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter.
Open-emr Openemr
6.1
CVSSv3
CVE-2019-17409
Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x prior to 5.0.2.1 ia the id parameter.
Open-emr Openemr
6.1
CVSSv3
CVE-2019-16862
Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x prior to 5.0.2.1 allows a remote malicious user to execute arbitrary code in the context of a user's session via the pid parameter.
Open-emr Openemr
9.8
CVSSv3
CVE-2019-17197
OpenEMR up to and including 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc.
Open-emr Openemr
6.1
CVSSv3
CVE-2019-17179
4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, fixed in version 5.0.2.1
Open-emr Openemr
6.1
CVSSv3
CVE-2019-8368
OpenEMR v5.0.1-6 allows XSS.
Open-emr Openemr 5.0.1-6
7.2
CVSSv3
CVE-2019-8371
OpenEMR v5.0.1-6 allows code execution.
Open-emr Openemr 5.0.1-6
8.8
CVSSv3
CVE-2019-3968
In OpenEMR 5.0.1 and previous versions, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form.
Open-emr Openemr
6.1
CVSSv3
CVE-2019-3963
In OpenEMR 5.0.1 and previous versions, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an malicious user to execute arbitrary code in the context of a user's session.
Open-emr Openemr
6.1
CVSSv3
CVE-2019-3964
In OpenEMR 5.0.1 and previous versions, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an malicious user to execute arbitrary code in the context of a user's session.
Open-emr Openemr
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »