Vulnerabilities

CVE-2024-0875

HIGH

A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1.

Published Nov 15, 2024

CVE-2024-37734

CRITICAL

An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges via a crafted POST request using the noteid parameter.

Published Jun 26, 2024

CVE-2023-2950

MEDIUM

Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.

Published May 28, 2023

CVE-2023-2949

HIGH

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.

Published May 28, 2023

CVE-2023-2948

HIGH

Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.

Published May 28, 2023

CVE-2023-2946

MEDIUM

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.

Published May 27, 2023

CVE-2023-2944

MEDIUM

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.

Published May 27, 2023

CVE-2023-2943

MEDIUM

Code Injection in GitHub repository openemr/openemr prior to 7.0.1.

Published May 27, 2023

CVE-2023-2945

MEDIUM

Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.

Published May 27, 2023

CVE-2023-2942

HIGH

Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.

Published May 27, 2023

CVE-2023-2947

MEDIUM

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.

Published May 27, 2023

CVE-2023-2674

HIGH

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.

Published May 12, 2023

CVE-2023-2566

HIGH

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.

Published May 08, 2023

CVE-2022-4733

MEDIUM

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.

Published Dec 24, 2022

CVE-2022-4615

HIGH

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.

Published Dec 19, 2022

CVE-2022-4567

HIGH

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.

Published Dec 17, 2022

CVE-2022-4503

MEDIUM

Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2.

Published Dec 15, 2022

CVE-2022-4504

HIGH

Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2.

Published Dec 15, 2022

CVE-2022-4506

HIGH

Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.

Published Dec 15, 2022

CVE-2022-4502

HIGH

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.

Published Dec 15, 2022

CVE-2022-4505

HIGH

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2.

Published Dec 15, 2022

CVE-2022-2824

HIGH

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.

Published Aug 15, 2022

CVE-2022-2734

CRITICAL

Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.

Published Aug 09, 2022

CVE-2022-2732

HIGH

Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.

Published Aug 09, 2022

CVE-2022-2733

CRITICAL

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.

Published Aug 09, 2022

CVE-2022-2731

MEDIUM

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.

Published Aug 09, 2022

CVE-2022-2729

MEDIUM

Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.

Published Aug 09, 2022

CVE-2022-2730

MEDIUM

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.

Published Aug 09, 2022

CVE-2022-2494

MEDIUM

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.

Published Jul 22, 2022

CVE-2022-2493

HIGH

Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.

Published Jul 22, 2022

CVE-2022-1461

HIGH

Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1.

Published Apr 25, 2022

CVE-2022-1459

HIGH

Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1.

Published Apr 25, 2022

CVE-2022-1458

HIGH

Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1.

Published Apr 25, 2022

CVE-2020-13567

HIGH

Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.

Published Apr 18, 2022

CVE-2022-1179

MEDIUM

Non-Privilege User Can Create New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

Published Mar 30, 2022

CVE-2022-1180

MEDIUM

Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

Published Mar 30, 2022

CVE-2022-1181

HIGH

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2.

Published Mar 30, 2022

CVE-2022-1177

MEDIUM

Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.

Published Mar 30, 2022

CVE-2022-1178

HIGH

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

Published Mar 30, 2022