Open-Emr: Security Vulnerabilities
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.
CVSS Score
8.3
EPSS Score
0.003
Published
2022-08-09
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
CVSS Score
9.6
EPSS Score
0.882
Published
2022-08-09
Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.
CVSS Score
8.3
EPSS Score
0.005
Published
2022-07-22
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.
CVSS Score
6.3
EPSS Score
0.179
Published
2022-07-22
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1.
CVSS Score
8.1
EPSS Score
0.016
Published
2022-04-25
Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1.
CVSS Score
7.3
EPSS Score
0.104
Published
2022-04-25
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1.
CVSS Score
8.3
EPSS Score
0.005
Published
2022-04-25
Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-04-18
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
CVSS Score
7.3
EPSS Score
0.245
Published
2022-03-30
Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
CVSS Score
4.6
EPSS Score
0.509
Published
2022-03-30