RSS   Vulnerabilities for 'Librehealth ehr'   RSS

2022-06-08
 
CVE-2022-31497

CWE-79
 

 
LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS.

 
2022-06-07
 
CVE-2022-31495

CWE-79
 

 
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS.

 
2022-06-06
 
CVE-2022-31494

CWE-79
 

 
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS.

 
 
CVE-2022-31492

CWE-79
 

 
Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username.

 
 
CVE-2022-31498

CWE-79
 

 
LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS.

 
 
CVE-2022-31493

CWE-79
 

 
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS.

 
2022-05-05
 
CVE-2022-29938

CWE-89
 

 
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.

 
 
CVE-2022-29939

CWE-79
 

 
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.

 
 
CVE-2022-29940

CWE-79
 

 
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities.

 
2020-07-15
 
CVE-2020-11439

CWE-20
 

 
LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application.

 


Copyright 2024, cxsecurity.com

 

Back to Top