A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.
Max CVSS: 8.8; EPSS Score: 0.94%; Published: 2023-02-22; Updated: 2023-03-03
Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter.
Max CVSS: 6.1; EPSS Score: 0.14%; Published: 2019-10-21; Updated: 2019-10-21
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
Max CVSS: 6.1; EPSS Score: 1.07%; Published: 2019-08-20; Updated: 2019-08-26
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
Max CVSS: 6.1; EPSS Score: 1.07%; Published: 2019-08-20; Updated: 2019-08-22
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
Max CVSS: 6.1; EPSS Score: 1.07%; Published: 2019-08-20; Updated: 2019-08-22
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
Max CVSS: 6.1; EPSS Score: 1.07%; Published: 2019-08-20; Updated: 2019-08-22
6 vulnerabilities found