Openclinic Ga Project: >> Openclinic Ga >> 5.247.01 Security Vulnerabilities
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do.
CVSS Score
7.5
EPSS Score
0.106
Published
2024-03-19
An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. By changing the AppointmentUid parameter, an attacker can determine whether a specific appointment exists based on the error message.
CVSS Score
7.5
EPSS Score
0.043
Published
2024-03-19
An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via queries such as findFirstname= to _common/search/searchByAjax/patientslistShow.jsp.
CVSS Score
9.1
EPSS Score
0.003
Published
2024-03-19
An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability has been discovered in pharmacy/exportFile.jsp.
CVSS Score
9.1
EPSS Score
0.005
Published
2024-03-19
An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in the login.jsp message parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-03-19
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp.
CVSS Score
7.5
EPSS Score
0.008
Published
2024-03-19