Openclinic Ga Project: >> Openclinic Ga >> 5.247.01 Security Vulnerabilities
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do.
CVSS Score
7.5
EPSS Score
0.175
Published
2024-03-19
An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. By changing the AppointmentUid parameter, an attacker can determine whether a specific appointment exists based on the error message.
CVSS Score
7.5
EPSS Score
0.076
Published
2024-03-19
An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via queries such as findFirstname= to _common/search/searchByAjax/patientslistShow.jsp.
CVSS Score
9.1
EPSS Score
0.004
Published
2024-03-19
An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability has been discovered in pharmacy/exportFile.jsp.
CVSS Score
9.1
EPSS Score
0.007
Published
2024-03-19
An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in the login.jsp message parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-03-19
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp.
CVSS Score
7.5
EPSS Score
0.011
Published
2024-03-19