Openemr Openemr vulnerabilities
37 known vulnerabilities affecting openemr/openemr_openemr.
Total CVEs: 37
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: HIGH 10, MEDIUM 26, LOW 1
Vulnerabilities
Page 2 of 2
CVE-2022-2824 | P4 | MEDIUM | CVSS 5.4 | CWE-639 | ≥ unspecified, < 7.0.0.1 | 2022-08-15
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.
nvd
CVE-2023-2945 | P4 | MEDIUM | CVSS 5.4 | CWE-862 | ≥ unspecified, < 7.0.1 | 2023-05-27
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.
nvd
CVE-2022-4615 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, < 7.0.0.2 | 2022-12-19
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
nvd
CVE-2022-4502 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, < 7.0.0.2 | 2022-12-15
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
nvd
CVE-2022-4503 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, < 7.0.0.2 | 2022-12-15
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2.
nvd
CVE-2022-2731 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, < 7.0.0.1 | 2022-08-09
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
nvd
CVE-2022-2494 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, < 7.0.0 | 2022-07-22
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.
nvd
CVE-2022-2729 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, < 7.0.0.1 | 2022-08-09
Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.
nvd
CVE-2022-1458 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, < 6.1.0.1 | 2022-04-25
Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1.
nvd
CVE-2022-2734 | P4 | MEDIUM | CVSS 5.4 | CWE-1021 | ≥ unspecified, < 7.0.0.1 | 2022-08-09
Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.
nvd
CVE-2023-2674 | P4 | MEDIUM | CVSS 4.3 | CWE-284 | ≥ unspecified, < 7.0.1 | 2023-05-12
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
nvd
CVE-2022-4505 | P4 | MEDIUM | CVSS 4.3 | CWE-639 | ≥ unspecified, < 7.0.0.2 | 2022-12-15
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2.
nvd
CVE-2024-0875 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ unspecified, < 7.0.2.1 | 2024-11-15
A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issu
nvd
CVE-2022-4733 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ unspecified, < 7.0.0.2 | 2022-12-27
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.
nvd
CVE-2023-2566 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ unspecified, < 7.0.1 | 2023-05-08
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
nvd
CVE-2022-1177 | P4 | MEDIUM | CVSS 4.3 | CWE-1220 | ≥ unspecified, < 6.1.0 | 2022-03-30
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.
nvd
CVE-2022-1180 | P4 | LOW | CVSS 3.5 | CWE-79 | ≥ unspecified, < 6.0.0.4 | 2022-03-30
Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
nvd