Shodan
Vulnerabilities
Vulnerable Software
Open-Emr:  >> Openemr  >> 5.0.1  Security Vulnerabilities
CVE-2019-16862
Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter.
CVSS Score
6.1
EPSS Score
0.063
Published
2019-10-21
CVE-2019-17409
Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 ia the id parameter.
CVSS Score
6.1
EPSS Score
0.019
Published
2019-10-21
CVE-2019-17197
OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-10-05
CVE-2019-17179
4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, fixed in version 5.0.2.1
CVSS Score
6.1
EPSS Score
0.021
Published
2019-10-04
CVE-2019-3968
In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form.
CVSS Score
8.8
EPSS Score
0.607
Published
2019-08-20
CVE-2019-3967
In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw that allows authenticated attackers to download arbitrary files from the host system.
CVSS Score
6.5
EPSS Score
0.343
Published
2019-08-20
CVE-2019-3963
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
CVSS Score
6.1
EPSS Score
0.267
Published
2019-08-20
CVE-2019-3964
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
CVSS Score
6.1
EPSS Score
0.267
Published
2019-08-20
CVE-2019-3965
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
CVSS Score
6.1
EPSS Score
0.349
Published
2019-08-20
CVE-2019-3966
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
CVSS Score
6.1
EPSS Score
0.349
Published
2019-08-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved