Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openemr
(Open\-Emr)Repositories | https://github.com/openemr/openemr |
#Vulnerabilities | 128 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-12-19 | CVE-2022-4615 | Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2. | Openemr | 6.1 | ||
2022-12-17 | CVE-2022-4567 | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2. | Openemr | 8.1 | ||
2022-12-15 | CVE-2022-4502 | Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2. | Openemr | 6.1 | ||
2022-12-15 | CVE-2022-4503 | Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2. | Openemr | 6.1 | ||
2022-12-15 | CVE-2022-4504 | Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2. | Openemr | 7.5 | ||
2021-01-28 | CVE-2020-13569 | A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can send an HTTP request to trigger this vulnerability. | Openemr | 8.8 | ||
2021-02-10 | CVE-2020-13565 | An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can redirect users to an arbitrary URL. An attacker can provide a crafted URL to trigger this vulnerability. | Openemr, Phpgacl | 6.1 | ||
2022-08-09 | CVE-2022-2729 | Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1. | Openemr | 5.4 | ||
2022-08-09 | CVE-2022-2730 | Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1. | Openemr | 6.5 | ||
2022-08-09 | CVE-2022-2731 | Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. | Openemr | 6.1 |