Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openemr
(Open\-Emr)Repositories | https://github.com/openemr/openemr |
#Vulnerabilities | 128 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-05-28 | CVE-2023-2948 | Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1. | Openemr | 6.1 | ||
2023-05-28 | CVE-2023-2949 | Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1. | Openemr | 6.1 | ||
2023-05-28 | CVE-2023-2950 | Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1. | Openemr | 8.1 | ||
2023-05-12 | CVE-2023-2674 | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | Openemr | 4.3 | ||
2023-05-08 | CVE-2023-2566 | Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. | Openemr | 4.8 | ||
2019-08-02 | CVE-2019-14529 | OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. | Openemr | 9.8 | ||
2023-02-22 | CVE-2023-22972 | A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI. | Openemr | 5.4 | ||
2023-02-22 | CVE-2023-22973 | A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter. | Openemr | 8.8 | ||
2023-02-22 | CVE-2023-22974 | A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server. | Openemr | 7.5 | ||
2022-12-27 | CVE-2022-4733 | Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2. | Openemr | 4.8 |