Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-emr vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2020-29143
A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR prior to 5.0.2.5 allows a remote authenticated malicious user to execute arbitrary SQL commands via the form_code parameter.
Open-emr Openemr
3.5
CVSSv2
CVE-2021-25917
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A highly privileged attacker could inject arbitrary code into input fields when cr...
Open-emr Openemr
3.5
CVSSv2
CVE-2021-25918
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the TOTP Authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a n...
Open-emr Openemr
3.5
CVSSv2
CVE-2021-25921
In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit.
Open-emr Openemr
7.5
CVSSv2
CVE-2018-17181
An issue exists in OpenEMR prior to 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php.
Open-emr Openemr
5.5
CVSSv2
CVE-2018-10572
interface/patient_file/letter.php in OpenEMR prior to 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters.
Open-emr Openemr
6.5
CVSSv2
CVE-2018-10573
interface/fax/fax_dispatch.php in OpenEMR prior to 5.0.1 allows remote authenticated users to bypass intended access restrictions via the scan parameter.
Open-emr Openemr
NA
CVE-2022-2493
Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr before 7.0.0.
Open-emr Openemr
NA
CVE-2022-2494
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr before 7.0.0.
Open-emr Openemr
NA
CVE-2022-2729
Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr before 7.0.0.1.
Open-emr Openemr
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »