VYPR: Vendor CVEs

OpenEMR

All CVEs

217 total · sorted by risk
  • CVE-2006-5811 · Nov 8, 2006
    risk 0.03 · cvss n/a · epss 0.03

    PHP remote file inclusion vulnerability in library/translation.inc.php in OpenEMR 2.8.1, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[srcdir] parameter.

  • CVE-2006-5795 · Nov 8, 2006
    risk 0.03 · cvss n/a · epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the srcdir parameter to (a) billing_process.php, (b) billing_report.php, (c)…

  • CVE-2006-2929 · Jun 9, 2006
    risk 0.03 · cvss n/a · epss 0.06

    PHP remote file inclusion vulnerability in contrib/forms/evaluation/C_FormEvaluation.class.php in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[fileroot] parameter.

  • CVE-2019-3966 · Aug 20, 2019
    risk 0.02 · cvss n/a · epss 0.01

    In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.

  • CVE-2019-3965 · Aug 20, 2019
    risk 0.02 · cvss n/a · epss 0.01

    In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.

  • CVE-2019-3963 · Aug 20, 2019
    risk 0.02 · cvss n/a · epss 0.54

    In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.

  • CVE-2019-14529 · Aug 2, 2019
    risk 0.02 · cvss n/a · epss 0.28

    OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.

  • CVE-2025-31121 · Apr 1, 2025
    risk 0.01 · cvss n/a · epss 0.12

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 7.0.3.1, the Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. This vulnerability is fixed in 7.0.3.1.

  • CVE-2025-30161 · Mar 31, 2025
    risk 0.01 · cvss n/a · epss 0.06

    OpenEMR is a free and open source electronic health records and medical practice management application. A stored XSS vulnerability in the Bronchitis form component of OpenEMR allows anyone who is able to edit a bronchitis form to steal credentials from administrators. This…

  • CVE-2019-3964 · Aug 20, 2019
    risk 0.01 · cvss n/a · epss 0.54

    In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.

  • CVE-2026-34056 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper…

  • CVE-2026-34055 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in `library/pnotes.inc.php` perform updates and deletes using `WHERE id = ?` without verifying that the note…

  • CVE-2026-34053 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint `interface/forms/procedure_order/handle_deletions.php` allows any authenticated user, regardless…

  • CVE-2026-34051 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality, allowing unauthorized users to perform import and export actions through direct…

  • CVE-2026-33934 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have a missing authorization check in `portal/sign/lib/show-signature.php` that allows any authenticated patient portal user to retrieve the drawn…

  • CVE-2026-33933 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting (XSS) vulnerability in the custom template editor allows an attacker to execute…

  • CVE-2026-33932 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document preview allows an attacker who can upload or send a CCDA document to execute…

  • CVE-2026-33931 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the patient portal payment page allows any authenticated portal patient to access other…

  • CVE-2026-33918 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint `interface/billing/get_claim_file.php` only verifies that the caller has a valid session and CSRF token, but does…

  • CVE-2026-33917 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contain a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to…

  • CVE-2026-33915 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, five insurance company REST API routes are missing the `RestConfig::request_authorization_check()` call that every other data-modifying route in the…

  • CVE-2026-33914 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability in the `categoriesUpdate` administrative function. The `dels` POST parameter is…

  • CVE-2026-33913 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing `<xi:include…

  • CVE-2026-33912 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could craft a malicious form that, when submitted by a victim, executes arbitrary JavaScript in the victim's browser…

  • CVE-2026-33911 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the POST parameter `title` is reflected back in a JSON response built with `json_encode()`. Because the response is served with a `text/html`…

  • CVE-2026-33910 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection vulnerability in the patient selection feature that can be exploited by authenticated attackers. The…

  • CVE-2026-33909 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are concatenated directly into SQL queries without parameterization or type casting,…

  • CVE-2026-33348 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Users with the `Notes - my encounters` role can fill Eye Exam forms in patient encounters. The answers to the form are displayed on the encounter page and in the visit…

  • CVE-2026-32120 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the fee sheet product save logic (`library/FeeSheet.class.php`) allows any authenticated…

  • CVE-2026-29187 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a Blind SQL Injection vulnerability exists in the Patient Search functionality (/interface/new/new_search_popup.php). The vulnerability allows an…

  • CVE-2026-33346 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, a stored cross-site scripting (XSS) vulnerability in the patient portal payment flow allows a patient portal user to persist arbitrary JavaScript that…

  • CVE-2026-33305 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the optional FaxSMS module (`oe-module-faxsms`) allows any authenticated OpenEMR user to invoke controller methods — including…

  • CVE-2026-33304 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the dated reminders log allows any authenticated non-admin user to view reminder messages belonging to other users, including…

  • CVE-2026-33303 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting (XSS) via unescaped `portal_login_username` in the portal credential print view. A patient portal user…

  • CVE-2026-33302 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function `AclMain::zhAclCheck()` only checks for the presence of any "allow" (user or group). It never checks for explicit "deny"…

  • CVE-2026-33321 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the `Notes - my encounters` role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An…

  • CVE-2026-33301 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the `Notes - my encounters` role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An…

  • CVE-2026-33299 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the `Notes - my encounters` role can fill **Eye Exam** forms in patient encounters. The answers to the form are displayed on the encounter page…

  • CVE-2026-32119 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, DOM-based stored XSS in the jQuery SearchHighlight plugin (`library/js/SearchHighlight.js`) allows an authenticated user with encounter form write access to…

  • CVE-2026-32238 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.02

    OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 contain a Command injection vulnerability in the backup functionality that can be exploited by authenticated attackers. The vulnerability exists due…

  • CVE-2026-25928 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.01

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the DICOM zip/export feature uses a user-supplied destination or path component when creating the zip file, without sanitizing path traversal sequences…

  • CVE-2026-25744 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the encounter vitals API accepts an `id` in the request body and treats it as an UPDATE. There is no verification that the vital belongs to the current…

  • CVE-2026-25745 · Mar 18, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the message/note update endpoint (e.g. PUT or POST) updates by message/note ID only and does not verify that the message belongs to the…

  • CVE-2026-32127 · Mar 11, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, OpenEMR contains a SQL injection vulnerability in the ajax graphs library that can be exploited by authenticated attackers. The vulnerability exists due to…

  • CVE-2026-32126 · Mar 11, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, an inverted boolean condition in ControllerRouter::route() causes the admin/super ACL check to be enforced only for controllers that already have their own…

  • CVE-2026-32125 · Mar 11, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, track/item names from the Track Anything feature are stored from user input (POST) and later rendered in Dygraph charts (titles/labels) using innerHTML or…

  • CVE-2026-32124 · Mar 11, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJAX endpoint returns code descriptions (code_text) that are rendered in the front end (e.g. DataTables) without HTML escaping. If…

  • CVE-2026-32123 · Mar 11, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, sensitivity checks for group encounters are broken because the code only consults form_encounter for sensitivity, while group encounters store sensitivity…

  • CVE-2026-32122 · Mar 11, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the Claim File Tracker feature exposes an AJAX endpoint that returns billing claim metadata (claim IDs, payer info, transmission logs). The endpoint does…

  • CVE-2026-32121 · Mar 11, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo.…
