Vulnerabilities (CVE)

Filtered by vendor Open-emr Subscribe
Filtered by product Openemr
Total 129 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-2950 1 Open-emr 1 Openemr 2024-11-21 N/A 8.1 HIGH
Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2949 1 Open-emr 1 Openemr 2024-11-21 N/A 6.1 MEDIUM
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2948 1 Open-emr 1 Openemr 2024-11-21 N/A 6.1 MEDIUM
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2947 1 Open-emr 1 Openemr 2024-11-21 N/A 4.8 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2946 1 Open-emr 1 Openemr 2024-11-21 N/A 8.1 HIGH
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2945 1 Open-emr 1 Openemr 2024-11-21 N/A 5.4 MEDIUM
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2944 1 Open-emr 1 Openemr 2024-11-21 N/A 5.4 MEDIUM
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2943 1 Open-emr 1 Openemr 2024-11-21 N/A 8.8 HIGH
Code Injection in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2942 1 Open-emr 1 Openemr 2024-11-21 N/A 8.1 HIGH
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2674 1 Open-emr 1 Openemr 2024-11-21 N/A 4.3 MEDIUM
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2566 1 Open-emr 1 Openemr 2024-11-21 N/A 4.8 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-22974 1 Open-emr 1 Openemr 2024-11-21 N/A 7.5 HIGH
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.
CVE-2023-22973 1 Open-emr 1 Openemr 2024-11-21 N/A 8.8 HIGH
A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.
CVE-2023-22972 1 Open-emr 1 Openemr 2024-11-21 N/A 5.4 MEDIUM
A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI.
CVE-2022-4733 1 Open-emr 1 Openemr 2024-11-21 N/A 4.8 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.
CVE-2022-4615 1 Open-emr 1 Openemr 2024-11-21 N/A 6.1 MEDIUM
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
CVE-2022-4567 1 Open-emr 1 Openemr 2024-11-21 N/A 8.1 HIGH
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.
CVE-2022-4506 1 Open-emr 1 Openemr 2024-11-21 N/A 8.8 HIGH
Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.
CVE-2022-4505 1 Open-emr 1 Openemr 2024-11-21 N/A 8.8 HIGH
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2.
CVE-2022-4504 1 Open-emr 1 Openemr 2024-11-21 N/A 7.5 HIGH
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2.