Open-Emr Openemr vulnerabilities
216 known vulnerabilities affecting open-emr/openemr.
Total CVEs: 216
CISA KEV: 0
Public exploits: 20
Exploited in wild: 0
Severity breakdown: CRITICAL 14, HIGH 80, MEDIUM 120, LOW 2
Vulnerabilities
Page 9 of 11
CVE-2015-4453 [P4, MEDIUM, CVSS 5.0, CWE-287] Affected: v2.8.3, v2.9.0, +8 more. Date: 2015-07-05.
interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) interface/billing/sl_eob_search.php.
Source: nvd
CVE-2023-2944 [P4, MEDIUM, CVSS 5.4, CWE-284] Fixed in 7.0.1. Date: 2023-05-27.
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
Source: nvd
CVE-2026-33911 [P4, MEDIUM, CVSS 5.4, CWE-79] Fixed in 8.0.0.3. Date: 2026-03-25.
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the POST parameter `title` is reflected back in a JSON response built with `json_encode()`. Because the response is served with a `text/html` Content-Type, the browser interprets injected HTML/script tags rather than trea
Source: nvd
CVE-2018-18035 [P4, MEDIUM, CVSS 6.1, CWE-79] Fixed in 5.0.1.6. Date: 2019-04-02.
A vulnerability in flashcanvas.swf in OpenEMR before 5.0.1 Patch 6 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
Source: nvd
CVE-2026-33933 [P4, MEDIUM, CVSS 6.1, CWE-79] Affected: ≥ 7.0.2.1, < 8.0.0.3. Date: 2026-03-26.
OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting (XSS) vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in an authenticated staff member's browser session by s
Source: nvd
CVE-2022-2824 [P4, MEDIUM, CVSS 5.4, CWE-639] Fixed in 7.0.0.1. Date: 2022-08-15.
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.
Source: nvd
CVE-2023-2945 [P4, MEDIUM, CVSS 5.4, CWE-862] Fixed in 7.0.1. Date: 2023-05-27.
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.
Source: nvd
CVE-2025-67491 [P4, MEDIUM, CVSS 5.4, CWE-79] Affected: ≥ 5.0.0.5, < 7.0.4. Date: 2026-02-25.
OpenEMR is a free and open source electronic health records and medical practice management application. Versions 5.0.0.5 through 7.0.3.4 have a stored cross-site scripting vulnerability in the ub04 helper of the billing interface. The variable `$data` is passed in a click event handler enclosed in single quotes without proper sanitization. Thus, des
Source: nvd
CVE-2026-32121 [P4, MEDIUM, CVSS 5.4, CWE-79] Fixed in 8.0.0.1. Date: 2026-03-11.
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo. This finding involves client-side DOM-based rendering via jQuery .html() in a
Source: nvd
CVE-2026-32124 [P4, MEDIUM, CVSS 5.4, CWE-79] Fixed in 8.0.0.1. Date: 2026-03-11.
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJAX endpoint returns code descriptions (code_text) that are rendered in the front end (e.g. DataTables) without HTML escaping. If an administrator (or user with code management rights) creates or edits a
Source: nvd
CVE-2026-33934 [P4, MEDIUM, CVSS 4.3, CWE-639] Fixed in 8.0.0.3. Date: 2026-03-26.
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have a missing authorization check in `portal/sign/lib/show-signature.php` that allows any authenticated patient portal user to retrieve the drawn signature image of any staff member by supplying an arbitrary `user` valu
Source: nvd
CVE-2018-10571 [P4, MEDIUM, CVSS 6.1, CWE-79] Fixed in 5.0.1. Date: 2018-04-30.
Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) patient parameter to interface/main/finder/finder_navigation.php; (2) key parameter to interface/billing/get_claim_file.php; (3) formid or (4) formseq parameter to interface/orders/types.php;
Source: nvd
CVE-2026-21443 [P4, MEDIUM, CVSS 6.1, CWE-116] Fixed in 8.0.0. Date: 2026-02-25.
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the `xl()` translation function returns unescaped strings. While wrapper functions exist for escaping in different contexts (`xlt()` for HTML, `xla()` for attributes, `xlj()` for JavaScript), there are places in the codeba
Source: nvd
CVE-2026-33932 [P4, MEDIUM, CVSS 5.4, CWE-79] Fixed in 8.0.0.3. Date: 2026-03-26.
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document preview allows an attacker who can upload or send a CCDA document to execute arbitrary JavaScript in a clinician's browser session when the document is prev
Source: nvd
CVE-2026-33299 [P4, MEDIUM, CVSS 5.4, CWE-79] Fixed in 8.0.0.2. Date: 2026-03-19.
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the `Notes - my encounters` role can fill **Eye Exam** forms in patient encounters. The answers to the form are displayed on the encounter page and in the visit history for the users with the same role. There exists a
Source: nvd
CVE-2026-32125 [P4, MEDIUM, CVSS 5.4, CWE-79] Fixed in 8.0.0.1. Date: 2026-03-11.
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, track/item names from the Track Anything feature are stored from user input (POST) and later rendered in Dygraph charts (titles/labels) using innerHTML or equivalent without escaping. A user who can create or edit Track Anything
Source: nvd
CVE-2017-6394 [P4, MEDIUM, CVSS 6.1, CWE-79] Affected: v5.0.1. Date: 2017-03-02.
Multiple Cross-Site Scripting (XSS) issues were discovered in OpenEMR 5.0.0 and 5.0.1-dev. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to the "openemr-master/gacl/admin/object_search.php" URL (section_value; src_form). An attacker could execute arbitrary HTML and script code in a browser in the context of the v
Source: nvd
CVE-2022-4615 [P4, MEDIUM, CVSS 6.1, CWE-79] Fixed in 7.0.0.2. Date: 2022-12-19.
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
Source: nvd
CVE-2022-4502 [P4, MEDIUM, CVSS 6.1, CWE-79] Fixed in 7.0.0.2. Date: 2022-12-15.
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
Source: nvd
CVE-2022-24643 [P4, MEDIUM, CVSS 5.4, CWE-79] Affected: v6.0.0. Date: 2022-03-25.
A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0.
Source: nvd