Open-Emr: >> Openemr >> 4.1.2.7 Security Vulnerabilities
interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-04-30
interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the scan parameter.
CVSS Score
8.8
EPSS Score
0.007
Published
2018-04-30
The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML.
CVSS Score
5.4
EPSS Score
0.001
Published
2017-11-17
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
CVSS Score
8.8
EPSS Score
0.005
Published
2017-06-02
Page 10