EMR

CVEs (14)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2022-31496	LibreHealth EMR	—	0.00	Jun 8, 2022	LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access.
CVE-2022-31497	LibreHealth EMR	—	0.00	Jun 8, 2022	LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS.
CVE-2022-31495	LibreHealth EMR	—	0.00	Jun 7, 2022	LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS.
CVE-2022-31494	LibreHealth EMR	—	0.00	Jun 6, 2022	LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS.
CVE-2022-31498	LibreHealth EMR	—	0.00	Jun 6, 2022	LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS.
CVE-2022-31492	LibreHealth EMR	—	0.00	Jun 6, 2022	Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username.
CVE-2022-31493	LibreHealth EMR	—	0.00	Jun 6, 2022	LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS.
CVE-2022-29938	LibreHealth EMR	—	0.00	May 5, 2022	In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.
CVE-2022-29939	LibreHealth EMR	—	0.00	May 5, 2022	In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.
CVE-2022-29940	LibreHealth EMR	—	0.00	May 5, 2022	In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities.
CVE-2020-11438	LibreHealth EMR	—	0.00	Jul 15, 2020	LibreHealth EMR v2.0.0 is affected by systemic CSRF.
CVE-2020-11436	LibreHealth EMR	—	0.01	Jul 15, 2020	LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators.
CVE-2020-11437	LibreHealth EMR	—	0.00	Jul 15, 2020	LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database.
CVE-2020-11439	LibreHealth EMR	—	0.01	Jul 15, 2020	LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application.

CVE-2022-31496Jun 8, 2022
LibreHealth
EMR
risk 0.00cvss —epss 0.00
LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access.
CVE-2022-31497Jun 8, 2022
LibreHealth
EMR
risk 0.00cvss —epss 0.00
LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS.
CVE-2022-31495Jun 7, 2022
LibreHealth
EMR
risk 0.00cvss —epss 0.00
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS.
CVE-2022-31494Jun 6, 2022
LibreHealth
EMR
risk 0.00cvss —epss 0.00
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS.
CVE-2022-31498Jun 6, 2022
LibreHealth
EMR
risk 0.00cvss —epss 0.00
LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS.
CVE-2022-31492Jun 6, 2022
LibreHealth
EMR
risk 0.00cvss —epss 0.00
Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username.
CVE-2022-31493Jun 6, 2022
LibreHealth
EMR
risk 0.00cvss —epss 0.00
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS.
CVE-2022-29938May 5, 2022
LibreHealth
EMR
risk 0.00cvss —epss 0.00
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.
CVE-2022-29939May 5, 2022
LibreHealth
EMR
risk 0.00cvss —epss 0.00
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.
CVE-2022-29940May 5, 2022
LibreHealth
EMR
risk 0.00cvss —epss 0.00
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities.
CVE-2020-11438Jul 15, 2020
LibreHealth
EMR
risk 0.00cvss —epss 0.00
LibreHealth EMR v2.0.0 is affected by systemic CSRF.
CVE-2020-11436Jul 15, 2020
LibreHealth
EMR
risk 0.00cvss —epss 0.01
LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators.
CVE-2020-11437Jul 15, 2020
LibreHealth
EMR
risk 0.00cvss —epss 0.00
LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database.
CVE-2020-11439Jul 15, 2020
LibreHealth
EMR
risk 0.00cvss —epss 0.01
LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application.