Open Emr
open-emr
217 CVEs • 1 product
Products (1)
Click to collapseToggle
Products (1)
Click to collapse
CVEs (217)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1. |
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1. |
Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1. |
2Open Emr Phpgacl Project2Openemr PhpgaclNov 21, 2024 Apr 18, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. |
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. |
Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. |
Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. |
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. |
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0. |
A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0. |
OpenEMR v6.0.0 was discovered to contain an incorrect access control issue. |
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/reg...Show more |
An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as demonstrated by the /...Show more |
OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users. |
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s pass...Show more |
A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR 5.0.2.1. |
A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allows a admin authenticated user to inject arbitrary web script or HTML via the lname parameter. |
A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1. |
The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing t...Show more |
2Open Emr Phpgacl Project2Openemr PhpgaclNov 21, 2024 Apr 13, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_group.php, when the POST...Show more |