Shodan
Vulnerabilities
Vulnerable Software
Open-Emr:  Security Vulnerabilities
CVE-2022-1180
Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
CVSS Score
4.6
EPSS Score
0.185
Published
2022-03-30
CVE-2022-1181
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2.
CVSS Score
8.0
EPSS Score
0.282
Published
2022-03-30
CVE-2022-1177
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.
CVSS Score
6.5
EPSS Score
0.033
Published
2022-03-30
CVE-2022-24643
A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0.
CVSS Score
5.4
EPSS Score
0.016
Published
2022-03-25
CVE-2022-25041
OpenEMR v6.0.0 was discovered to contain an incorrect access control issue.
CVSS Score
4.3
EPSS Score
0.004
Published
2022-03-23
CVE-2022-25471
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register.
CVSS Score
8.1
EPSS Score
0.013
Published
2022-03-03
CVE-2021-41843
An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar&func=search URI.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-12-17
CVE-2021-40352
OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users.
CVSS Score
6.5
EPSS Score
0.046
Published
2021-09-01
CVE-2021-25923
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account takeover.
CVSS Score
8.1
EPSS Score
0.001
Published
2021-06-24
CVE-2021-32101
The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. Then, the attacker can then manipulate and read data of every registered patient.
CVSS Score
8.2
EPSS Score
0.002
Published
2021-05-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved