Version unspecified

OTHER 37 CVEs

Known Vulnerabilities

CVE-2024-0875

A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1.

HIGH CVSS 8.1 Published Nov 15, 2024

CVE-2023-2949

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.

HIGH CVSS 8.3 Published May 28, 2023

CVE-2023-2950

Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.

MEDIUM CVSS 6.3 Published May 28, 2023

CVE-2023-2948

Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.

HIGH CVSS 8.3 Published May 28, 2023

CVE-2023-2947

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.

MEDIUM CVSS 4.7 Published May 27, 2023

CVE-2023-2944

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.

MEDIUM CVSS 6.3 Published May 27, 2023

CVE-2023-2946

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.

MEDIUM CVSS 6.3 Published May 27, 2023

CVE-2023-2943

Code Injection in GitHub repository openemr/openemr prior to 7.0.1.

MEDIUM CVSS 4.6 Published May 27, 2023

CVE-2023-2942

Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.

HIGH CVSS 8.1 Published May 27, 2023

CVE-2023-2945

Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.

MEDIUM CVSS 4.3 Published May 27, 2023

CVE-2023-2674

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.

HIGH CVSS 8.8 Published May 12, 2023

CVE-2023-2566

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.

HIGH CVSS 7.5 Published May 08, 2023

CVE-2022-4733

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.

MEDIUM CVSS 6.7 Published Dec 24, 2022

CVE-2022-4615

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.

HIGH CVSS 8.3 Published Dec 19, 2022

CVE-2022-4567

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.

HIGH CVSS 8.1 Published Dec 17, 2022

CVE-2022-4504

Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2.

HIGH CVSS 7.1 Published Dec 15, 2022

CVE-2022-4505

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2.

HIGH CVSS 8.8 Published Dec 15, 2022

CVE-2022-4503

Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2.

MEDIUM CVSS 6.4 Published Dec 15, 2022

CVE-2022-4506

Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.

HIGH CVSS 7.6 Published Dec 15, 2022

CVE-2022-4502

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.

HIGH CVSS 7.3 Published Dec 15, 2022

CVE-2022-2824

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.

HIGH CVSS 8.8 Published Aug 15, 2022

CVE-2022-2734

Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.

CRITICAL CVSS 10.0 Published Aug 09, 2022

CVE-2022-2732

Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.

HIGH CVSS 8.3 Published Aug 09, 2022

CVE-2022-2733

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.

CRITICAL CVSS 9.6 Published Aug 09, 2022

CVE-2022-2731

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.

MEDIUM CVSS 5.4 Published Aug 09, 2022

CVE-2022-2729

Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.

MEDIUM CVSS 5.4 Published Aug 09, 2022

CVE-2022-2730

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.

MEDIUM CVSS 6.5 Published Aug 09, 2022

CVE-2022-2494

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.

MEDIUM CVSS 6.3 Published Jul 22, 2022

CVE-2022-2493

Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.

HIGH CVSS 8.3 Published Jul 22, 2022

CVE-2022-1461

Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1.

HIGH CVSS 8.1 Published Apr 25, 2022

CVE-2022-1459

Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1.

HIGH CVSS 8.3 Published Apr 25, 2022

CVE-2022-1458

Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1.

HIGH CVSS 7.3 Published Apr 25, 2022

CVE-2022-1179

Non-Privilege User Can Create New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

MEDIUM CVSS 4.6 Published Mar 30, 2022

CVE-2022-1180

Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

MEDIUM CVSS 4.6 Published Mar 30, 2022

CVE-2022-1181

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2.

HIGH CVSS 8.0 Published Mar 30, 2022

CVE-2022-1177

Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.

MEDIUM CVSS 6.5 Published Mar 30, 2022

CVE-2022-1178

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

HIGH CVSS 7.3 Published Mar 30, 2022