Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2021-03-22 CVE-2021-25921 Cross-site Scripting vulnerability in Open-Emr Openemr
In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section.
network
open-emr CWE-79
3.5
3.5
2021-03-22 CVE-2021-25920 Improper Handling of Case Sensitivity vulnerability in Open-Emr Openemr
In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the victim user.
network
low complexity
open-emr CWE-178
5.5
5.5
2021-03-22 CVE-2021-25919 Cross-site Scripting vulnerability in Open-Emr Openemr 5.0.2/5.0.2.1/5.0.2.5
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly.
network
open-emr CWE-79
3.5
3.5
2021-03-22 CVE-2021-25918 Cross-site Scripting vulnerability in Open-Emr Openemr 5.0.2/5.0.2.1/5.0.2.5
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the TOTP Authentication method page.
network
open-emr CWE-79
3.5
3.5
2021-03-22 CVE-2021-25917 Cross-site Scripting vulnerability in Open-Emr Openemr 5.0.2/5.0.2.1/5.0.2.5
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page.
network
open-emr CWE-79
3.5
3.5
2021-03-22 CVE-2021-22321 Use After Free vulnerability in Huawei products
There is a use-after-free vulnerability in a Huawei product.
network
low complexity
huawei CWE-416
5.0
5.0
2021-03-22 CVE-2021-22314 Unspecified vulnerability in Huawei Manageone 6.5.1/6.5.1.1
There is a local privilege escalation vulnerability in some versions of ManageOne.
local
low complexity
huawei
4.6
4.6
2021-03-22 CVE-2021-22320 Unspecified vulnerability in Huawei products
There is a denial of service vulnerability in Huawei products.
network
low complexity
huawei
5.0
5.0
2021-03-22 CVE-2021-22311 Incorrect Default Permissions vulnerability in Huawei Manageone 8.0.0/8.0.1
There is an improper permission assignment vulnerability in Huawei ManageOne product.
network
low complexity
huawei CWE-276
6.5
6.5
2021-03-22 CVE-2021-22310 Information Exposure Through Log Files vulnerability in Huawei products
There is an information leakage vulnerability in some huawei products.
local
low complexity
huawei CWE-532
2.1
2.1