Latest open-emr openemr Vulnerabilities

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.
Open-emr Openemr<7.0.1
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.
Open-emr Openemr<7.0.1
Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.
Open-emr Openemr<7.0.1
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
Open-emr Openemr<7.0.1
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
Open-emr Openemr<7.0.1
Code Injection in GitHub repository openemr/openemr prior to 7.0.1.
Open-emr Openemr<7.0.1
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.
Open-emr Openemr<7.0.1
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.
Open-emr Openemr<7.0.1
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
Open-emr Openemr<7.0.1
Open-emr Openemr<7.0.1
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
Open-emr Openemr<7.0.1
A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML vi...
Open-emr Openemr<7.0.0
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.
Open-emr Openemr<7.0.0
A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.
Open-emr Openemr<7.0.0
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.
Open-emr Openemr<7.0.0.2
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
Open-emr Openemr<7.0.0.2
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.
Open-emr Openemr<7.0.0.2
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2.
Open-emr Openemr<7.0.0.2
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2.
Open-emr Openemr<7.0.0.2
Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.
Open-emr Openemr<7.0.0.2
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2.
Open-emr Openemr<7.0.0.2
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
Open-emr Openemr<7.0.0.2
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.
Open-emr Openemr<7.0.0.1
Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.
Open-emr Openemr<7.0.0.1
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.
Open-emr Openemr<7.0.0.1
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.
Open-emr Openemr<7.0.0.1
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
Open-emr Openemr<7.0.0.1
Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.
Open-emr Openemr<7.0.0.1
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
Open-emr Openemr<7.0.0.1
Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.
Open-emr Openemr<7.0.0
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1.
Open-emr Openemr<6.1.0.1
Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1.
Open-emr Openemr<6.1.0.1
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1.
Open-emr Openemr<6.1.0.1
Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.
Open-emr Openemr=5.0.2
Open-emr Openemr=6.0.0
Phpgacl Project Phpgacl=3.3.7
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2.
Open-emr Openemr<6.0.0.2
Non-Privilege User Can Create New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
Open-emr Openemr<6.0.0.4
Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
Open-emr Openemr<6.0.0.4
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
Open-emr Openemr<6.0.0.4
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.
Open-emr Openemr<6.1.0
A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0.
Open-emr Openemr=6.0.0
OpenEMR v6.0.0 was discovered to contain an incorrect access control issue.
Open-emr Openemr=6.0.0
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/...
Open-emr Openemr=6.0.0
An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as d...
Open-emr Openemr=6.0.0
Open-emr Openemr=6.0.0-patch_1
Open-emr Openemr=6.0.0-patch_2
OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users.
Open-emr Openemr=6.0.0
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of th...
Open-emr Openemr>=5.0.0<=6.0.0.1
The Patient Portal of OpenEMR 5.0.2.1 is affected by an incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an ...
Open-emr Openemr=5.0.2.1
A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allows an admin authenticated user to inject arbitrary web script or HTML via the lname parameter.
Open-emr Openemr<=5.0.2.1
A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1.
Open-emr Openemr=5.0.2.1
SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. In admin/edit_gro...
Open-emr Openemr=5.0.2
Phpgacl Project Phpgacl=3.3.7
In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly. An attacker could trick a user to click on a malicious url an...
Open-emr Openemr>=4.2.0<=6.0.0
