Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openemr
(Open\-Emr)| Repositories | https://github.com/openemr/openemr |
| #Vulnerabilities | 134 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-05-27 | CVE-2023-2947 | Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. | Openemr | 4.8 | ||
| 2023-05-28 | CVE-2023-2948 | Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1. | Openemr | 6.1 | ||
| 2023-05-28 | CVE-2023-2949 | Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1. | Openemr | 6.1 | ||
| 2023-05-28 | CVE-2023-2950 | Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1. | Openemr | 8.1 | ||
| 2024-11-15 | CVE-2024-0875 | A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1. | Openemr | 4.8 | ||
| 2019-08-02 | CVE-2019-14529 | OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. | Openemr | 9.8 | ||
| 2019-08-13 | CVE-2019-14530 | An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server. | Openemr | 8.8 | ||
| 2018-08-13 | CVE-2018-15139 | Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory. | Openemr | 8.8 | ||
| 2018-08-15 | CVE-2018-15152 | Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11)... | Openemr | 9.1 | ||
| 2017-06-02 | CVE-2017-9380 | OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. | Openemr | 8.8 |