Vulnerabilities for 'Openemr'

2022-04-18
 
CVE-2020-13567

CWE-89
 

 
Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.

 
2022-03-30
 
CVE-2022-1178

CWE-79
 

 
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

 
 
CVE-2022-1179

CWE-79
 

 
Non-Privileged User Can Create New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

 
 
CVE-2022-1180

CWE-79
 

 
Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

 
 
CVE-2022-1181

CWE-79
 

 
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2.

 
 
CVE-2022-1177

CWE-863
 

 
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.

 
2022-03-25
 
CVE-2022-24643

CWE-79
 

 
A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0.

 
2022-03-23
 
CVE-2022-25041

CWE-668
 

 
OpenEMR v6.0.0 was discovered to contain an incorrect access control issue.

 
2022-03-03
 
CVE-2022-25471

CWE-639
 

 
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register.

 
2021-12-17
 
CVE-2021-41843

CWE-89
 

 
An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar&func=search URI.

 


Copyright 2024, cxsecurity.com

 
