Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openemr vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2022-1177
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr before 6.1.0.
Open-emr Openemr
3.5
CVSSv2
CVE-2022-1178
Stored Cross Site Scripting in GitHub repository openemr/openemr before 6.0.0.4.
Open-emr Openemr
3.5
CVSSv2
CVE-2022-1180
Reflected Cross Site Scripting in GitHub repository openemr/openemr before 6.0.0.4.
Open-emr Openemr
3.5
CVSSv2
CVE-2022-1181
Stored Cross Site Scripting in GitHub repository openemr/openemr before 6.0.0.2.
Open-emr Openemr
NA
CVE-2022-2824
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr before 7.0.0.1.
Open-emr Openemr
NA
CVE-2023-2674
Improper Access Control in GitHub repository openemr/openemr before 7.0.1.
Open-emr Openemr
3.5
CVSSv2
CVE-2021-25919
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.
Open-emr Openemr
5.5
CVSSv2
CVE-2021-25920
In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the victim user.
Open-emr Openemr
6.8
CVSSv2
CVE-2021-25923
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account takeover.
Open-emr Openemr
3.5
CVSSv2
CVE-2022-1458
Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr before 6.1.0.1.
Open-emr Openemr
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »