Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openemr
(Open\-Emr)| Repositories | https://github.com/openemr/openemr |
| #Vulnerabilities | 134 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-02-22 | CVE-2023-22972 | A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI. | Openemr | 5.4 | ||
| 2023-02-22 | CVE-2023-22973 | A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter. | Openemr | 8.8 | ||
| 2023-02-22 | CVE-2023-22974 | A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server. | Openemr | 7.5 | ||
| 2023-05-08 | CVE-2023-2566 | Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. | Openemr | 4.8 | ||
| 2023-05-12 | CVE-2023-2674 | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | Openemr | 4.3 | ||
| 2023-05-27 | CVE-2023-2942 | Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1. | Openemr | 8.1 | ||
| 2023-05-27 | CVE-2023-2943 | Code Injection in GitHub repository openemr/openemr prior to 7.0.1. | Openemr | 8.8 | ||
| 2023-05-27 | CVE-2023-2944 | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | Openemr | 5.4 | ||
| 2023-05-27 | CVE-2023-2945 | Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1. | Openemr | 5.4 | ||
| 2023-05-27 | CVE-2023-2946 | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | Openemr | 8.1 |