Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:open-emr:openemr:5.0.1.7:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-4503 |
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2. Published: December 14, 2022; 8:15:10 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2022-4502 |
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2. Published: December 14, 2022; 8:15:10 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2022-2824 |
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1. Published: August 15, 2022; 12:15:07 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-2734 |
Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1. Published: August 09, 2022; 9:15:08 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-2733 |
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. Published: August 09, 2022; 8:15:08 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2022-2732 |
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1. Published: August 09, 2022; 8:15:08 AM -0400 |
V4.0:(not available) V3.1: 8.3 HIGH V2.0:(not available) |
CVE-2022-2731 |
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. Published: August 09, 2022; 8:15:08 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2022-2730 |
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1. Published: August 09, 2022; 8:15:08 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2022-2729 |
Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1. Published: August 09, 2022; 8:15:08 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-2494 |
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0. Published: July 22, 2022; 12:15:13 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-2493 |
Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0. Published: July 22, 2022; 12:15:13 AM -0400 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0:(not available) |
CVE-2022-1461 |
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1. Published: April 25, 2022; 7:15:07 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2022-1459 |
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1. Published: April 25, 2022; 6:15:09 AM -0400 |
V4.0:(not available) V3.1: 8.3 HIGH V2.0: 5.5 MEDIUM |
CVE-2022-1458 |
Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1. Published: April 25, 2022; 6:15:09 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2022-1181 |
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. Published: March 30, 2022; 8:15:08 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2022-1180 |
Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Published: March 30, 2022; 8:15:08 AM -0400 |
V4.0:(not available) V3.1: 3.5 LOW V2.0: 3.5 LOW |
CVE-2022-1179 |
Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Published: March 30, 2022; 8:15:08 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2022-1178 |
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Published: March 30, 2022; 8:15:08 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2022-1177 |
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0. Published: March 30, 2022; 7:15:07 AM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2021-25923 |
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account takeover. Published: June 24, 2021; 7:15:07 AM -0400 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |