Filtered by vendor Open-emr
Filtered by product Openemr
Total: 128 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-4615 | 1 Open-emr | 1 Openemr | 2022-12-23 | 6.1 Medium |
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
CVE-2022-4567 | 1 Open-emr | 1 Openemr | 2022-12-21 | 8.1 High |
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
CVE-2022-4503 | 1 Open-emr | 1 Openemr | 2022-12-16 | 6.1 Medium |
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
CVE-2022-4502 | 1 Open-emr | 1 Openemr | 2022-12-16 | 6.1 Medium |
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
CVE-2022-4504 | 1 Open-emr | 1 Openemr | 2022-12-16 | 7.5 High |
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
CVE-2020-13565 | 2 Open-emr, Phpgacl Project | 2 Openemr, Phpgacl | 2022-10-07 | 6.1 Medium |
An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can redirect users to an arbitrary URL. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
CVE-2020-13569 | 1 Open-emr | 1 Openemr | 2022-10-07 | 8.8 High |
A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can send an HTTP request to trigger this vulnerability. | ||||
CVE-2017-1000241 | 1 Open-emr | 1 Openemr | 2022-10-03 | N/A |
The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by a vertical privilege escalation vulnerability. This vulnerability can allow authenticated non-administrator users to view and modify information only accessible to administrators. | ||||
CVE-2017-1000240 | 1 Open-emr | 1 Openemr | 2022-10-03 | N/A |
The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML. | ||||
CVE-2018-1000219 | 1 Open-emr | 1 Openemr | 2022-10-03 | N/A |
OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in the 'scan' parameter in line #41 of interface/fax/fax_view.php that could allow remote authenticated attackers to inject arbitrary web script or HTML. This attack appears to be exploitable when the victim visits a specially crafted URL. | ||||
CVE-2018-1000218 | 1 Open-emr | 1 Openemr | 2022-10-03 | N/A |
OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in the 'file' parameter in line #43 of interface/fax/fax_view.php that could allow remote authenticated attackers to inject arbitrary web script or HTML. This attack appears to be exploitable when the victim visits a specially crafted URL. | ||||
CVE-2013-4619 | 1 Open-emr | 1 Openemr | 2022-10-03 | N/A |
Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) start or (2) end parameter to interface/reports/custom_report_range.php, or the (3) form_newid parameter to custom/chart_tracker.php. | ||||
CVE-2013-4620 | 1 Open-emr | 1 Openemr | 2022-10-03 | N/A |
Cross-site scripting (XSS) vulnerability in interface/main/onotes/office_comments_full.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter. | ||||
CVE-2022-2729 | 1 Open-emr | 1 Openemr | 2022-08-12 | 5.4 Medium |
Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1. | ||||
CVE-2022-2730 | 1 Open-emr | 1 Openemr | 2022-08-12 | 6.5 Medium |
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1. | ||||
CVE-2022-2731 | 1 Open-emr | 1 Openemr | 2022-08-12 | 6.1 Medium |
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. | ||||
CVE-2022-2734 | 1 Open-emr | 1 Openemr | 2022-08-12 | 5.4 Medium |
Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1. | ||||
CVE-2022-2733 | 1 Open-emr | 1 Openemr | 2022-08-12 | 6.1 Medium |
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. | ||||
CVE-2020-13566 | 2 Open-emr, Phpgacl Project | 2 Openemr, Phpgacl | 2022-08-06 | 8.8 High |
SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. In admin/edit_group.php, when the POST parameter action is “Delete”, the POST parameter delete_group leads to a SQL injection. | ||||
CVE-2020-13568 | 2 Open-emr, Phpgacl Project | 2 Openemr, Phpgacl | 2022-08-06 | 8.8 High |
A SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. In admin/edit_group.php, when the POST parameter action is “Submit”, the POST parameter parent_id leads to a SQL injection. |