VYPR

Openemr

by Openemr

Source repositories

CVEs (217)

  • CVE-2024-0875Nov 15, 2024
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message,…

  • CVE-2024-37734Jun 26, 2024
    risk 0.00cvss epss 0.01

    An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges viaa crafted POST request using the noteid parameter.

  • CVE-2024-26476Feb 28, 2024
    risk 0.00cvss epss 0.00

    An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component.

  • CVE-2023-2950May 28, 2023
    risk 0.00cvss epss 0.01

    Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.

  • CVE-2023-2949May 28, 2023
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.

  • CVE-2023-2943May 27, 2023
    risk 0.00cvss epss 0.01

    Code Injection in GitHub repository openemr/openemr prior to 7.0.1.

  • CVE-2023-2944May 27, 2023
    risk 0.00cvss epss 0.00

    Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.

  • CVE-2023-2946May 27, 2023
    risk 0.00cvss epss 0.00

    Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.

  • CVE-2023-2945May 27, 2023
    risk 0.00cvss epss 0.00

    Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.

  • CVE-2023-2942May 27, 2023
    risk 0.00cvss epss 0.01

    Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.

  • CVE-2023-2674May 12, 2023
    risk 0.00cvss epss 0.01

    Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.

  • CVE-2023-2566May 8, 2023
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.

  • CVE-2023-22973Feb 22, 2023
    risk 0.00cvss epss 0.02

    A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.

  • CVE-2023-22974Feb 22, 2023
    risk 0.00cvss epss 0.02

    A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.

  • CVE-2023-22972Feb 22, 2023
    risk 0.00cvss epss 0.00

    A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI.

  • CVE-2022-4733Dec 24, 2022
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.

  • CVE-2022-4615Dec 19, 2022
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.

  • CVE-2022-4567Dec 17, 2022
    risk 0.00cvss epss 0.01

    Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.

  • CVE-2022-4503Dec 15, 2022
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2.

  • CVE-2022-4505Dec 15, 2022
    risk 0.00cvss epss 0.01

    Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2.

Page 8 of 11