Search Results

Search Parameters:
  • CPE Product Version: cpe:/a:open-emr:openemr:2.8.2
There are 88 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2023-2950

Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.

Published: May 28, 2023; 12:15:14 AM -0400
V3.1: 8.1 HIGH
V2.0:(not available)
CVE-2023-2949

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.

Published: May 28, 2023; 12:15:13 AM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-2948

Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.

Published: May 28, 2023; 12:15:12 AM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-2947

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.

Published: May 27, 2023; 7:15:09 PM -0400
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2023-2946

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.

Published: May 27, 2023; 7:15:09 PM -0400
V3.1: 8.1 HIGH
V2.0:(not available)
CVE-2023-2945

Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.

Published: May 27, 2023; 6:15:10 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-2944

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.

Published: May 27, 2023; 6:15:10 PM -0400
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-2943

Code Injection in GitHub repository openemr/openemr prior to 7.0.1.

Published: May 27, 2023; 6:15:10 PM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-2942

Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.

Published: May 27, 2023; 6:15:09 PM -0400
V3.1: 8.1 HIGH
V2.0:(not available)
CVE-2023-2674

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.

Published: May 12, 2023; 4:15:09 AM -0400
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-2566

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.

Published: May 08, 2023; 1:15:09 AM -0400
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2023-22974

A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.

Published: February 22, 2023; 4:15:11 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-22973

A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.

Published: February 22, 2023; 4:15:11 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-22972

A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI.

Published: February 22, 2023; 4:15:11 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-4733

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.

Published: December 27, 2022; 10:15:12 AM -0500
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2022-4615

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.

Published: December 19, 2022; 3:15:13 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-4567

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.

Published: December 17, 2022; 1:15:07 AM -0500
V3.1: 8.1 HIGH
V2.0:(not available)
CVE-2022-4506

Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.

Published: December 14, 2022; 8:15:11 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-4505

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2.

Published: December 14, 2022; 8:15:11 PM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2022-4504

Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2.

Published: December 14, 2022; 8:15:11 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)