Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openemr
(Open\-Emr)| Repositories | https://github.com/openemr/openemr |
| #Vulnerabilities | 137 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-28 | CVE-2024-26476 | An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component. | Openemr | N/A | ||
| 2025-03-31 | CVE-2025-29772 | OpenEMR is a free and open source electronic health records and medical practice management application. The POST parameter hidden_subcategory is output to the page without being properly processed. This leads to a reflected cross-site scripting (XSS) vul;nerability in CAMOS new.php. This vulnerability is fixed in 7.0.3. | Openemr | 6.1 | ||
| 2025-03-31 | CVE-2025-30161 | OpenEMR is a free and open source electronic health records and medical practice management application. A stored XSS vulnerability in the Bronchitis form component of OpenEMR allows anyone who is able to edit a bronchitis form to steal credentials from administrators. This vulnerability is fixed in 7.0.3. | Openemr | 5.4 | ||
| 2025-04-01 | CVE-2025-31121 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 7.0.3.1, the Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. This vulnerability is fixed in 7.0.3.1. | Openemr | 5.4 | ||
| 2025-03-25 | CVE-2025-29789 | OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue. | Openemr | 7.5 | ||
| 2021-03-22 | CVE-2021-25917 | In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user. | Openemr | 4.8 | ||
| 2021-03-22 | CVE-2021-25918 | In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the TOTP Authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user. | Openemr | 4.8 | ||
| 2021-03-22 | CVE-2021-25919 | In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user. | Openemr | 4.8 | ||
| 2021-03-22 | CVE-2021-25920 | In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the victim user. | Openemr | 6.5 | ||
| 2021-03-22 | CVE-2021-25921 | In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit. | Openemr | 5.4 |