Openmrs

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-5730 1Openmrs 1Openmrs Nov 21, 2024 Apr 17, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting.
CVE-2020-5729 1Openmrs 1Openmrs Nov 21, 2024 Apr 17, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. Any page that is able to trigger a UI Framework Error is susceptible to this iss...Show more In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. Any page that is able to trigger a UI Framework Error is susceptible to this issue.Show less
CVE-2020-5728 1Openmrs 1Openmrs Nov 21, 2024 Apr 17, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). There is insufficient validation for this parameter, which allows for the possibili...Show more OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). There is insufficient validation for this parameter, which allows for the possibility of cross-site scripting.Show less
CVE-2017-12795 1Openmrs 1Openmrs Module Htmlformentry Nov 21, 2024 May 10, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation).
CVE-2018-19276 1Openmrs 1Openmrs Nov 21, 2024 Mar 21, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.
CVE-2018-16521 1Openmrs 2Html Form Entry Reference Application Nov 21, 2024 Sep 5, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0.
CVE-2017-12796 1Openmrs 1Openmrs May 13, 2026 Oct 23, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is...Show more The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute operating system commands by crafting malicious XML payloads, as demonstrated by a single admin/reports/reportSchemaXml.form request.Show less
CVE-2017-7990 1Openmrs 1Openmrs Module Reporting May 13, 2026 Apr 21, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp.
CVE-2014-8073 1Openmrs 1Openmrs May 6, 2026 Oct 23, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the authentication of administrators for requests that add a new user via a Save User action to admin/us...Show more Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the authentication of administrators for requests that add a new user via a Save User action to admin/users/user.form.Show less
CVE-2014-8072 1Openmrs 1Openmrs May 6, 2026 Oct 23, 2014 N/A· v4 N/A· v3 4.0 MEDIUM· v2 The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin.
CVE-2014-8071 1Openmrs 1Openmrs May 6, 2026 Oct 23, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 par...Show more Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to allergyui/allergy.page; the (6) w10 parameter to htmlformentryui/htmlform/enterHtmlForm/submit.action; the (7) HTTP Referer Header to login.htm; the (8) returnUrl parameter to htmlformentryui/htmlform/enterHtmlFormWithStandardUi.page or (9) coreapps/mergeVisits.page; or the (10) visitId parameter to htmlformentryui/htmlform/enterHtmlFormWithSimpleUi.page.Show less

Previous 12