Openemr
by Openemr
Source repositories
CVEs (217)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-0875 | | | 0.00 | — | 0.00 | | Nov 15, 2024 | A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message,… |
| CVE-2024-37734 | | | 0.00 | — | 0.01 | | Jun 26, 2024 | An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges via a crafted POST request using the noteid parameter. |
| CVE-2024-26476 | | | 0.00 | — | 0.00 | | Feb 28, 2024 | An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component. |
| CVE-2023-2950 | | | 0.00 | — | 0.01 | | May 28, 2023 | Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1. |
| CVE-2023-2949 | | | 0.00 | — | 0.01 | | May 28, 2023 | Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1. |
| CVE-2023-2943 | | | 0.00 | — | 0.01 | | May 27, 2023 | Code Injection in GitHub repository openemr/openemr prior to 7.0.1. |
| CVE-2023-2944 | | | 0.00 | — | 0.00 | | May 27, 2023 | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. |
| CVE-2023-2946 | | | 0.00 | — | 0.00 | | May 27, 2023 | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. |
| CVE-2023-2945 | | | 0.00 | — | 0.00 | | May 27, 2023 | Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1. |
| CVE-2023-2942 | | | 0.00 | — | 0.01 | | May 27, 2023 | Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1. |
| CVE-2023-2674 | | | 0.00 | — | 0.01 | | May 12, 2023 | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. |
| CVE-2023-2566 | | | 0.00 | — | 0.01 | | May 8, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. |
| CVE-2023-22973 | | | 0.00 | — | 0.02 | | Feb 22, 2023 | A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter. |
| CVE-2023-22974 | | | 0.00 | — | 0.02 | | Feb 22, 2023 | A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server. |
| CVE-2023-22972 | | | 0.00 | — | 0.00 | | Feb 22, 2023 | A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI. |
| CVE-2022-4733 | | | 0.00 | — | 0.01 | | Dec 24, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2. |
| CVE-2022-4615 | | | 0.00 | — | 0.01 | | Dec 19, 2022 | Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2. |
| CVE-2022-4567 | | | 0.00 | — | 0.01 | | Dec 17, 2022 | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2. |
| CVE-2022-4503 | | | 0.00 | — | 0.01 | | Dec 15, 2022 | Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2. |
| CVE-2022-4505 | | | 0.00 | — | 0.01 | | Dec 15, 2022 | Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2. |