Open-emr : Security Vulnerabilities, CVEs, CVSS score >= 4
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.
Max CVSS: 7.5 | EPSS Score: 0.47% | Published: 2023-02-22 | Updated: 2023-03-03
A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.
Max CVSS: 8.8 | EPSS Score: 0.94% | Published: 2023-02-22 | Updated: 2023-03-03
A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI.
Max CVSS: 5.4 | EPSS Score: 0.15% | Published: 2023-02-22 | Updated: 2023-03-03
Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.
Max CVSS: 8.1 | EPSS Score: 0.34% | Published: 2023-05-28 | Updated: 2023-06-01
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.
Max CVSS: 8.3 | EPSS Score: 0.40% | Published: 2023-05-28 | Updated: 2023-06-01
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.
Max CVSS: 8.3 | EPSS Score: 0.40% | Published: 2023-05-28 | Updated: 2023-06-01
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
Max CVSS: 4.8 | EPSS Score: 0.75% | Published: 2023-05-27 | Updated: 2023-06-01
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
Max CVSS: 8.1 | EPSS Score: 0.25% | Published: 2023-05-27 | Updated: 2023-06-01
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.
Max CVSS: 5.4 | EPSS Score: 0.48% | Published: 2023-05-27 | Updated: 2023-06-01
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
Max CVSS: 6.3 | EPSS Score: 0.34% | Published: 2023-05-27 | Updated: 2023-06-01
Code Injection in GitHub repository openemr/openemr prior to 7.0.1.
Max CVSS: 8.8 | EPSS Score: 0.09% | Published: 2023-05-27 | Updated: 2023-06-01
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.
Max CVSS: 8.1 | EPSS Score: 0.34% | Published: 2023-05-27 | Updated: 2023-06-01
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
Max CVSS: 8.8 | EPSS Score: 0.40% | Published: 2023-05-12 | Updated: 2023-05-22
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
Max CVSS: 7.5 | EPSS Score: 1.49% | Published: 2023-05-08 | Updated: 2023-05-11
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register.
Max CVSS: 8.1 | EPSS Score: 0.16% | Published: 2022-03-03 | Updated: 2022-03-09
OpenEMR v6.0.0 was discovered to contain an incorrect access control issue.
Max CVSS: 4.3 | EPSS Score: 0.13% | Published: 2022-03-23 | Updated: 2022-03-29
A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0.
Max CVSS: 5.4 | EPSS Score: 0.17% | Published: 2022-03-25 | Updated: 2022-03-29
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.
Max CVSS: 6.7 | EPSS Score: 0.84% | Published: 2022-12-27 | Updated: 2023-01-05
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
Max CVSS: 8.3 | EPSS Score: 0.48% | Published: 2022-12-19 | Updated: 2022-12-23
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.
Max CVSS: 8.1 | EPSS Score: 0.15% | Published: 2022-12-17 | Updated: 2022-12-21
Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.
Max CVSS: 8.8 | EPSS Score: 0.11% | Published: 2022-12-15 | Updated: 2022-12-16
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2.
Max CVSS: 8.8 | EPSS Score: 0.18% | Published: 2022-12-15 | Updated: 2023-07-11
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2.
Max CVSS: 7.5 | EPSS Score: 0.14% | Published: 2022-12-15 | Updated: 2022-12-16
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2.
Max CVSS: 6.4 | EPSS Score: 0.48% | Published: 2022-12-15 | Updated: 2022-12-16
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
Max CVSS: 7.3 | EPSS Score: 0.48% | Published: 2022-12-15 | Updated: 2022-12-16