Open-Emr: >> Openemr >> 6.0.0 Security Vulnerabilities
In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the victim user.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-03-22
In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit.
CVSS Score
5.4
EPSS Score
0.571
Published
2021-03-22
Page 7