Open-Emr: >> Openemr >> 2.7 Security Vulnerabilities
The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML.
CVSS Score
5.4
EPSS Score
0.001
Published
2017-11-17
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
CVSS Score
8.8
EPSS Score
0.005
Published
2017-06-02
SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter.
CVSS Score
7.5
EPSS Score
0.002
Published
2012-09-09
Page 10