Product: Openemr (Open-Emr)

Repositories: https://github.com/openemr/openemr
#Vulnerabilities: 140

| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-05-27 | CVE-2023-2944 | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | Openemr | 5.4 | | |
| 2023-05-27 | CVE-2023-2945 | Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1. | Openemr | 5.4 | | |
| 2023-05-27 | CVE-2023-2946 | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | Openemr | 8.1 | | |
| 2023-05-27 | CVE-2023-2947 | Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. | Openemr | 4.8 | | |
| 2023-05-28 | CVE-2023-2948 | Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1. | Openemr | 6.1 | | |
| 2023-05-28 | CVE-2023-2949 | Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1. | Openemr | 6.1 | | |
| 2023-05-28 | CVE-2023-2950 | Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1. | Openemr | 8.1 | | |
| 2024-11-15 | CVE-2024-0875 | A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1. | Openemr | 4.8 | | |
| 2019-08-02 | CVE-2019-14529 | OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. | Openemr | 9.8 | | |
| 2019-08-13 | CVE-2019-14530 | An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server. | Openemr | 8.8 | | |