A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.
Max CVSS
8.8
EPSS Score
0.94%
Published
2023-02-22
Updated
2023-03-03
Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.
Max CVSS
8.1
EPSS Score
0.34%
Published
2023-05-28
Updated
2023-06-01
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.
Max CVSS
8.3
EPSS Score
0.40%
Published
2023-05-28
Updated
2023-06-01
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.
Max CVSS
8.3
EPSS Score
0.40%
Published
2023-05-28
Updated
2023-06-01
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
Max CVSS
8.1
EPSS Score
0.25%
Published
2023-05-27
Updated
2023-06-01
Code Injection in GitHub repository openemr/openemr prior to 7.0.1.
Max CVSS
8.8
EPSS Score
0.09%
Published
2023-05-27
Updated
2023-06-01
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.
Max CVSS
8.1
EPSS Score
0.34%
Published
2023-05-27
Updated
2023-06-01
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
Max CVSS
8.8
EPSS Score
0.40%
Published
2023-05-12
Updated
2023-05-22
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register.
Max CVSS
8.1
EPSS Score
0.16%
Published
2022-03-03
Updated
2022-03-09
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
Max CVSS
8.3
EPSS Score
0.48%
Published
2022-12-19
Updated
2022-12-23
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.
Max CVSS
8.1
EPSS Score
0.15%
Published
2022-12-17
Updated
2022-12-21
Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.
Max CVSS
8.8
EPSS Score
0.11%
Published
2022-12-15
Updated
2022-12-16
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2.
Max CVSS
8.8
EPSS Score
0.18%
Published
2022-12-15
Updated
2023-07-11
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.
Max CVSS
8.8
EPSS Score
0.19%
Published
2022-08-15
Updated
2023-07-10
Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.
Max CVSS
10.0
EPSS Score
0.14%
Published
2022-08-09
Updated
2022-08-12
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
Max CVSS
9.6
EPSS Score
0.14%
Published
2022-08-09
Updated
2022-08-12
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.
Max CVSS
8.3
EPSS Score
0.22%
Published
2022-08-09
Updated
2024-02-08
Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.
Max CVSS
8.3
EPSS Score
0.25%
Published
2022-07-22
Updated
2022-07-27
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1.
Max CVSS
8.1
EPSS Score
0.19%
Published
2022-04-25
Updated
2022-05-04
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1.
Max CVSS
8.3
EPSS Score
0.21%
Published
2022-04-25
Updated
2022-05-04
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2.
Max CVSS
8.0
EPSS Score
5.15%
Published
2022-03-30
Updated
2022-04-04
A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR 5.0.2.1.
Max CVSS
8.8
EPSS Score
0.19%
Published
2021-05-07
Updated
2021-05-11
A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1.
Max CVSS
8.8
EPSS Score
0.19%
Published
2021-05-07
Updated
2021-05-11
The Patient Portal of OpenEMR 5.0.2.1 is affected by an incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. The attacker can then manipulate and read data of every registered patient.
Max CVSS
8.2
EPSS Score
0.33%
Published
2021-05-07
Updated
2021-05-11
OpenEMR versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements, as they do not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, they can leverage it for an account takeover.
Max CVSS
8.1
EPSS Score
0.36%
Published
2021-06-24
Updated
2021-06-30
64 vulnerabilities found