Open-Emr: Security Vulnerabilities
A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1.
CVSS Score
8.1
EPSS Score
0.018
Published
2024-11-15
An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges viaa crafted POST request using the noteid parameter.
CVSS Score
9.8
EPSS Score
0.052
Published
2024-06-26
An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component.
CVSS Score
3.5
EPSS Score
0.0
Published
2024-02-28
Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.
CVSS Score
6.3
EPSS Score
0.003
Published
2023-05-28
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.
CVSS Score
8.3
EPSS Score
0.677
Published
2023-05-28
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.
CVSS Score
8.3
EPSS Score
0.807
Published
2023-05-28
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-05-27
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
CVSS Score
4.7
EPSS Score
0.199
Published
2023-05-27
Code Injection in GitHub repository openemr/openemr prior to 7.0.1.
CVSS Score
4.6
EPSS Score
0.001
Published
2023-05-27
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-05-27