Open-Emr Openemr vulnerabilities

216 known vulnerabilities affecting open-emr/openemr.

Total CVEs: 216
CISA KEV: 0
Public exploits: 20
Exploited in wild: 0
Severity breakdown: CRITICAL 14, HIGH 80, MEDIUM 120, LOW 2

Vulnerabilities

Page 8 of 11
CVE-2026-25929 | P3 | MEDIUM | CVSS 6.5 | fixed in 8.0.0 | 2026-02-25
CWE-639: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the document controller’s `patient_picture` context serves the patient’s photo by document ID or patient ID without verifying that the current user is authorized to access that patient. An authenticated user with document
Source: nvd

CVE-2013-4619 | P4 | MEDIUM | CVSS 6.5 | v4.1.1 | 2013-08-09
CWE-89: Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) start or (2) end parameter to interface/reports/custom_report_range.php, or the (3) form_newid parameter to custom/chart_tracker.php.
Source: nvd

CVE-2022-2730 | P4 | MEDIUM | CVSS 6.5 | fixed in 7.0.0.1 | 2022-08-09
CWE-639: Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.
Source: nvd

CVE-2021-25920 | P4 | MEDIUM | CVSS 6.5 | ≥ 2.7.2, ≤ 6.0.0 | 2021-03-22
Affected versions: v2.7.2-rc1, 2.7.2-rc2, 2.7.2, 2.7.3-rc1, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.9.0, 3.0.0, 3.0.1, 3.1.0, 3.2.0, 4.0.0, 4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.0.3, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, 5.0.2.1, 5.0.2.2, 5.0.2.3, 5.0.2.4, 6.0.0
CWE-178: In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the victim user.
Source: nvd

CVE-2026-33915 | P4 | MEDIUM | CVSS 5.4 | fixed in 8.0.0.3 | 2026-03-26
CWE-862: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, five insurance company REST API routes are missing the `RestConfig::request_authorization_check()` call that every other data-modifying route in the standard API uses. This allows any authenticated API user to create and
Source: nvd

CVE-2025-31121 | P4 | MEDIUM | CVSS 5.4 | fixed in 7.0.3.1 | 2025-04-01
CWE-79: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 7.0.3.1, the Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. This vulnerability is fixed in 7.0.3.1.
Source: nvd

CVE-2025-69231 | P4 | MEDIUM | CVSS 5.4 | fixed in 8.0.0 | 2026-02-25
CWE-79: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a stored cross-site scripting vulnerability in the GAD-7 anxiety assessment form allows authenticated users with clinician privileges to inject malicious JavaScript that executes when other users view the form. This enables
Source: nvd

CVE-2020-13565 | P4 | MEDIUM | CVSS 6.1 | v5.0.2 | 2021-02-10
CWE-601: An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can redirect users to an arbitrary URL. An attacker can provide a crafted URL to trigger this vulnerability.
Source: nvd

CVE-2022-1461 | P4 | MEDIUM | CVSS 6.5 | fixed in 6.1.0.1 | 2022-04-25
CWE-1220: Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1.
Source: nvd

CVE-2025-30161 | P4 | MEDIUM | CVSS 5.4 | fixed in 7.0.3 | 2025-03-31
CWE-80: OpenEMR is a free and open source electronic health records and medical practice management application. A stored XSS vulnerability in the Bronchitis form component of OpenEMR allows anyone who is able to edit a bronchitis form to steal credentials from administrators. This vulnerability is fixed in 7.0.3.
Source: nvd

CVE-2026-34051 | P4 | MEDIUM | CVSS 5.4 | fixed in 8.0.0.3 | 2026-03-26
CWE-285: OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality, allowing unauthorized users to perform import and export actions through direct request manipulation despite UI restrictions. This can lead to unauthori
Source: nvd

CVE-2026-33913 | P4 | MEDIUM | CVSS 4.9 | fixed in 8.0.0.3 | 2026-03-25
CWE-611: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing `` to read arbitrary files from the server. Version 8.0.0.3 patches the issue.
Source: nvd

CVE-2021-47817 | P4 | MEDIUM | CVSS 5.4 | v5.0.2.1 | 2026-01-21
CWE-79: OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability in user profile parameters that authenticated attackers can chain with a file upload to achieve remote code execution. Attackers can exploit the vulnerability by crafting a malicious payload to download and execute a web shell, enabling remote command execution on the vulnerable OpenEMR in
Source: nvd

CVE-2026-33305 | P4 | MEDIUM | CVSS 5.4 | fixed in 8.0.0.2 | 2026-03-19
CWE-696: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the optional FaxSMS module (`oe-module-faxsms`) allows any authenticated OpenEMR user to invoke controller methods — including `getNotificationLog()`, which returns patient appointment data (PHI) — reg
Source: nvd

CVE-2026-24847 | P4 | MEDIUM | CVSS 6.1 | fixed in 8.0.0 | 2026-02-25
CWE-601: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Eye Exam form module allows any authenticated user to be redirected to an arbitrary external URL. This can be exploited for phishing attacks against healthcare providers using OpenEMR. Version 8.0.0 fixes the issue.
Source: nvd

CVE-2018-17180 | P4 | MEDIUM | CVSS 5.3 | fixed in 5.0.1.7 | 2019-05-17
CWE-22: An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Traversal exists via docid=../ to /portal/lib/download_template.php.
Source: nvd

CVE-2025-32967 | P4 | MEDIUM | CVSS 5.4 | fixed in 7.0.3.4 | 2025-05-23
CWE-778: OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrators from auditing critical actions. This weakens traceability and opens the system to undetectabl
Source: nvd

CVE-2026-33912 | P4 | MEDIUM | CVSS 5.4 | fixed in 8.0.0.3 | 2026-03-25
CWE-79: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could craft a malicious form that, when submitted by a victim, executes arbitrary JavaScript in the victim's browser session. Version 8.0.0.3 patches the issue.
Source: nvd

CVE-2019-16862 | P4 | MEDIUM | CVSS 6.1 | ≥ 5.0.0, < 5.0.2.1 | 2019-10-21
CWE-79: Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter.
Source: nvd

CVE-2026-33348 | P4 | MEDIUM | CVSS 5.4 | fixed in 8.0.0.3 | 2026-03-25
CWE-79: OpenEMR is a free and open source electronic health records and medical practice management application. Users with the `Notes - my encounters` role can fill Eye Exam forms in patient encounters. The answers to the form are displayed on the encounter page and in the visit history for the users with the same role. Versions prior to 8.0.0.3 have a stor
Source: nvd