U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:open-emr:openemr:2.8.2
There are 88 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2022-4503

Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2.

Published: December 14, 2022; 8:15:10 PM -0500 		V3.1: 6.1 MEDIUM
 V2.0:(not available)
CVE-2022-4502

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.

Published: December 14, 2022; 8:15:10 PM -0500 		V3.1: 6.1 MEDIUM
 V2.0:(not available)
CVE-2022-2824

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.

Published: August 15, 2022; 12:15:07 PM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2022-2734

Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.

Published: August 09, 2022; 9:15:08 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2022-2733

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.

Published: August 09, 2022; 8:15:08 AM -0400 		V3.1: 6.1 MEDIUM
 V2.0:(not available)
CVE-2022-2732

Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.

Published: August 09, 2022; 8:15:08 AM -0400 		V3.1: 8.3 HIGH
 V2.0:(not available)
CVE-2022-2731

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.

Published: August 09, 2022; 8:15:08 AM -0400 		V3.1: 6.1 MEDIUM
 V2.0:(not available)
CVE-2022-2730

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.

Published: August 09, 2022; 8:15:08 AM -0400 		V3.1: 6.5 MEDIUM
 V2.0:(not available)
CVE-2022-2729

Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.

Published: August 09, 2022; 8:15:08 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2022-2494

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.

Published: July 22, 2022; 12:15:13 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2022-2493

Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.

Published: July 22, 2022; 12:15:13 AM -0400 		V3.1: 8.1 HIGH
 V2.0:(not available)
CVE-2022-1461

Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1.

Published: April 25, 2022; 7:15:07 AM -0400 		V3.1: 6.5 MEDIUM
 V2.0: 4.0 MEDIUM
CVE-2022-1459

Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1.

Published: April 25, 2022; 6:15:09 AM -0400 		V3.1: 8.3 HIGH
 V2.0: 5.5 MEDIUM
CVE-2022-1458

Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1.

Published: April 25, 2022; 6:15:09 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0: 3.5 LOW
CVE-2022-1181

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2.

Published: March 30, 2022; 8:15:08 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0: 3.5 LOW
CVE-2022-1180

Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

Published: March 30, 2022; 8:15:08 AM -0400 		V3.1: 3.5 LOW
 V2.0: 3.5 LOW
CVE-2022-1179

Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

Published: March 30, 2022; 8:15:08 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0: 3.5 LOW
CVE-2022-1178

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

Published: March 30, 2022; 8:15:08 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0: 3.5 LOW
CVE-2022-1177

Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.

Published: March 30, 2022; 7:15:07 AM -0400 		V3.1: 4.3 MEDIUM
 V2.0: 4.0 MEDIUM
CVE-2021-32103

A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allows a admin authenticated user to inject arbitrary web script or HTML via the lname parameter.

Published: May 07, 2021; 12:15:07 AM -0400 		V3.1: 4.8 MEDIUM
 V2.0: 3.5 LOW