Open-Emr: >> Openemr >> 5.0.1.5 Security Vulnerabilities
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-05-27
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-05-27
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.
CVSS Score
8.1
EPSS Score
0.002
Published
2023-05-27
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-05-12
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
CVSS Score
7.5
EPSS Score
0.015
Published
2023-05-08
A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-02-22
A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.
CVSS Score
8.8
EPSS Score
0.01
Published
2023-02-22
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.
CVSS Score
7.5
EPSS Score
0.023
Published
2023-02-22
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.
CVSS Score
6.7
EPSS Score
0.003
Published
2022-12-27
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
CVSS Score
8.3
EPSS Score
0.006
Published
2022-12-19