Open-Emr: >> Openemr >> 4.1.2.3 Security Vulnerabilities
A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.
CVSS Score
8.8
EPSS Score
0.007
Published
2023-02-22
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.
CVSS Score
7.5
EPSS Score
0.045
Published
2023-02-22
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.
CVSS Score
6.7
EPSS Score
0.009
Published
2022-12-27
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
CVSS Score
8.3
EPSS Score
0.009
Published
2022-12-19
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.
CVSS Score
8.1
EPSS Score
0.002
Published
2022-12-17
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2.
CVSS Score
7.1
EPSS Score
0.004
Published
2022-12-15
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2.
CVSS Score
8.8
EPSS Score
0.005
Published
2022-12-15
Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.
CVSS Score
7.6
EPSS Score
0.002
Published
2022-12-15
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
CVSS Score
7.3
EPSS Score
0.042
Published
2022-12-15
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2.
CVSS Score
6.4
EPSS Score
0.008
Published
2022-12-15