Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openemr vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-4615
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr before 7.0.0.2.
Open-emr Openemr
9.8
CVSSv3
CVE-2018-17181
An issue exists in OpenEMR prior to 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php.
Open-emr Openemr
4.8
CVSSv3
CVE-2021-25918
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the TOTP Authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a n...
Open-emr Openemr
6.5
CVSSv3
CVE-2021-25920
In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the victim user.
Open-emr Openemr
8.1
CVSSv3
CVE-2021-25923
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account takeover.
Open-emr Openemr
4.3
CVSSv3
CVE-2022-4505
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr before 7.0.0.2.
Open-emr Openemr
6.1
CVSSv3
CVE-2018-18035
A vulnerability in flashcanvas.swf in OpenEMR prior to 5.0.1 Patch 6 could allow an unauthenticated, remote malicious user to conduct a cross-site scripting (XSS) attack on a targeted system.
Open-emr Openemr
4.3
CVSSv3
CVE-2022-1177
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr before 6.1.0.
Open-emr Openemr
5.4
CVSSv3
CVE-2022-1179
Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr before 6.0.0.4.
Open-emr Openemr
6.1
CVSSv3
CVE-2019-3964
In OpenEMR 5.0.1 and previous versions, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an malicious user to execute arbitrary code in the context of a user's session.
Open-emr Openemr
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »