Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openemr vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-3965
In OpenEMR 5.0.1 and previous versions, controller.php contains a reflected XSS vulnerability in the document_id parameter. This could allow an malicious user to execute arbitrary code in the context of a user's session.
Open-emr Openemr
6.1
CVSSv3
CVE-2019-3966
In OpenEMR 5.0.1 and previous versions, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. This could allow an malicious user to execute arbitrary code in the context of a user's session.
Open-emr Openemr
6.5
CVSSv3
CVE-2019-3967
In OpenEMR 5.0.1 and previous versions, the patient file download interface contains a directory traversal flaw that allows authenticated malicious users to download arbitrary files from the host system.
Open-emr Openemr
8.8
CVSSv3
CVE-2019-14530
An issue exists in custom/ajax_download.php in OpenEMR prior to 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/open...
Open-emr Openemr
3 Github repositories
9.8
CVSSv3
CVE-2019-14529
OpenEMR prior to 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.
Open-emr Openemr
1 Github repository
9.8
CVSSv3
CVE-2018-17179
An issue exists in OpenEMR prior to 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php.
Open-emr Openemr
1 Github repository
5.3
CVSSv3
CVE-2018-17180
An issue exists in OpenEMR prior to 5.0.1 Patch 7. Directory Traversal exists via docid=../ to /portal/lib/download_template.php.
Open-emr Openemr
9.8
CVSSv3
CVE-2018-17181
An issue exists in OpenEMR prior to 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php.
Open-emr Openemr
6.1
CVSSv3
CVE-2018-18035
A vulnerability in flashcanvas.swf in OpenEMR prior to 5.0.1 Patch 6 could allow an unauthenticated, remote malicious user to conduct a cross-site scripting (XSS) attack on a targeted system.
Open-emr Openemr
5.4
CVSSv3
CVE-2018-1000218
OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'file' parameter in line #43 of interface/fax/fax_view.php that can result in The vulnerability could allow remote authenticated malicious users to inject arbitrary web script or HTML.. ...
Open-emr Openemr 5.0.1.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5841
file upload
man-in-the-middle
arbitrary
CVE-2024-27801
CVE-2024-28020
CVE-2024-30080
CVE-2024-30069
CVE-2024-5843
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »