Open-Emr: Security Vulnerabilities
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-03-25
A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1.
CVSS Score
8.1
EPSS Score
0.016
Published
2024-11-15
An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges viaa crafted POST request using the noteid parameter.
CVSS Score
9.8
EPSS Score
0.037
Published
2024-06-26
An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component.
CVSS Score
3.5
EPSS Score
0.0
Published
2024-02-28
Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.
CVSS Score
6.3
EPSS Score
0.004
Published
2023-05-28
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.
CVSS Score
8.3
EPSS Score
0.724
Published
2023-05-28
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.
CVSS Score
8.3
EPSS Score
0.855
Published
2023-05-28
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-05-27
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
CVSS Score
4.7
EPSS Score
0.209
Published
2023-05-27
Code Injection in GitHub repository openemr/openemr prior to 7.0.1.
CVSS Score
4.6
EPSS Score
0.001
Published
2023-05-27