Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openemr
(Open\-Emr)| Repositories | https://github.com/openemr/openemr |
| #Vulnerabilities | 140 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-05-23 | CVE-2025-32794 | OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in the First and Last Name fields during patient registration. This code is later executed when viewing the patient's encounter under Orders ? Procedure Orders.... | Openemr | N/A | ||
| 2025-05-23 | CVE-2025-32967 | OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrators from auditing critical actions. This weakens traceability and opens the system to undetectable misuse by insiders or attackers. Version 7.0.3.4 contains a patch for the issue. | Openemr | N/A | ||
| 2025-05-23 | CVE-2025-43860 | OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in the (1) Text Box fields of Address, Address Line 2, Postal Code and City fields and (2) Drop Down menu options of Address Use, State and Country of... | Openemr | N/A | ||
| 2024-02-28 | CVE-2024-26476 | An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component. | Openemr | N/A | ||
| 2025-03-31 | CVE-2025-29772 | OpenEMR is a free and open source electronic health records and medical practice management application. The POST parameter hidden_subcategory is output to the page without being properly processed. This leads to a reflected cross-site scripting (XSS) vul;nerability in CAMOS new.php. This vulnerability is fixed in 7.0.3. | Openemr | 6.1 | ||
| 2025-03-31 | CVE-2025-30161 | OpenEMR is a free and open source electronic health records and medical practice management application. A stored XSS vulnerability in the Bronchitis form component of OpenEMR allows anyone who is able to edit a bronchitis form to steal credentials from administrators. This vulnerability is fixed in 7.0.3. | Openemr | 5.4 |