Product:

Openemr

(Open\-Emr)
Repositories https://github.com/openemr/openemr
#Vulnerabilities 134
Date Id Summary Products Score Patch Annotated
2021-12-17 CVE-2021-41843 An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar&func=search URI. Openemr 6.5
2022-03-03 CVE-2022-25471 An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register. Openemr 8.1
2022-03-23 CVE-2022-25041 OpenEMR v6.0.0 was discovered to contain an incorrect access control issue. Openemr 4.3
2022-03-25 CVE-2022-24643 A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0. Openemr 5.4
2022-03-30 CVE-2022-1177 Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0. Openemr 4.3
2022-03-30 CVE-2022-1178 Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Openemr 5.4
2022-03-30 CVE-2022-1179 Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Openemr 5.4
2022-03-30 CVE-2022-1180 Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Openemr 3.5
2022-03-30 CVE-2022-1181 Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. Openemr 5.4
2022-04-18 CVE-2020-13567 Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. Openemr, Phpgacl 9.8