
Openemr Openemr vulnerabilities

37 known vulnerabilities affecting openemr/openemr_openemr.

Total CVEs: 37
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: HIGH 10, MEDIUM 26, LOW 1

Vulnerabilities

Page 1 of 2
CVE-2023-2948 | P3 | MEDIUM | CVSS 6.1 | PoC | ≥ unspecified, < 7.0.1 | 2023-05-28
CVE-2023-2948 [MEDIUM] CWE-79: Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.
nvd
CVE-2022-2733 | P3 | MEDIUM | CVSS 6.1 | PoC | ≥ unspecified, < 7.0.0.1 | 2022-08-09
CVE-2022-2733 [MEDIUM] CWE-79: Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
nvd
CVE-2023-2949 | P3 | MEDIUM | CVSS 6.1 | PoC | ≥ unspecified, < 7.0.1 | 2023-05-28
CVE-2023-2949 [MEDIUM] CWE-79: Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.
nvd
CVE-2022-1179 | P3 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 6.0.0.4 | 2022-03-30
CVE-2022-1179 [MEDIUM] CWE-79: Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
nvd
CVE-2022-4506 | P3 | HIGH | CVSS 8.8 | ≥ unspecified, < 7.0.0.2 | 2022-12-15
CVE-2022-4506 [HIGH] CWE-434: Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.
nvd
CVE-2023-2943 | P3 | HIGH | CVSS 8.8 | ≥ unspecified, < 7.0.1 | 2023-05-27
CVE-2023-2943 [HIGH] CWE-94: Code Injection in GitHub repository openemr/openemr prior to 7.0.1.
nvd
CVE-2023-2947 | P4 | MEDIUM | CVSS 4.8 | ≥ unspecified, < 7.0.1 | 2023-05-27
CVE-2023-2947 [MEDIUM] CWE-79: Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
nvd
CVE-2022-1178 | P3 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 6.0.0.4 | 2022-03-30
CVE-2022-1178 [MEDIUM] CWE-79: Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
nvd
CVE-2022-1181 | P3 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 6.0.0.2 | 2022-03-30
CVE-2022-1181 [MEDIUM] CWE-79: Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2.
nvd
CVE-2022-2493 | P3 | HIGH | CVSS 8.1 | ≥ unspecified, < 7.0.0 | 2022-07-22
CVE-2022-2493 [HIGH] CWE-1083: Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.
nvd
CVE-2023-2942 | P3 | HIGH | CVSS 8.1 | ≥ unspecified, < 7.0.1 | 2023-05-27
CVE-2023-2942 [HIGH] CWE-20: Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.
nvd
CVE-2022-4567 | P3 | HIGH | CVSS 8.1 | ≥ unspecified, < 7.0.0.2 | 2022-12-17
CVE-2022-4567 [HIGH] CWE-284: Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.
nvd
CVE-2023-2946 | P3 | HIGH | CVSS 8.1 | ≥ unspecified, < 7.0.1 | 2023-05-27
CVE-2023-2946 [HIGH] CWE-284: Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
nvd
CVE-2022-2732 | P3 | HIGH | CVSS 8.3 | ≥ unspecified, < 7.0.0.1 | 2022-08-09
CVE-2022-2732 [HIGH] CWE-862: Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.
nvd
CVE-2023-2950 | P3 | HIGH | CVSS 8.1 | ≥ unspecified, < 7.0.1 | 2023-05-28
CVE-2023-2950 [HIGH] CWE-285: Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.
nvd
CVE-2022-1459 | P3 | HIGH | CVSS 8.3 | ≥ unspecified, < 6.1.0.1 | 2022-04-25
CVE-2022-1459 [HIGH] CWE-1118: Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1.
nvd
CVE-2022-4504 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < 7.0.0.2 | 2022-12-15
CVE-2022-4504 [HIGH] CWE-20: Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2.
nvd
CVE-2022-2730 | P4 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 7.0.0.1 | 2022-08-09
CVE-2022-2730 [MEDIUM] CWE-639: Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.
nvd
CVE-2022-1461 | P4 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 6.1.0.1 | 2022-04-25
CVE-2022-1461 [MEDIUM] CWE-1220: Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1.
nvd
CVE-2023-2944 | P4 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 7.0.1 | 2023-05-27
CVE-2023-2944 [MEDIUM] CWE-284: Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
nvd