Vulnerabilities > Librehealth

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-09	CVE-2022-31496	Unspecified vulnerability in Librehealth EHR 2.0.0 LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access. network low complexity librehealth	8.8
2022-06-08	CVE-2022-31497	Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS. network librehealth CWE-79	4.3
2022-06-07	CVE-2022-31495	Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS. network librehealth CWE-79	4.3
2022-06-06	CVE-2022-31494	Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS. network librehealth CWE-79	4.3
2022-06-06	CVE-2022-31498	Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS. network librehealth CWE-79	4.3
2022-06-06	CVE-2022-31492	Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username. network librehealth CWE-79	4.3
2022-06-06	CVE-2022-31493	Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. network librehealth CWE-79	4.3
2022-05-05	CVE-2022-29938	SQL Injection vulnerability in Librehealth EHR 2.0.0 In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection. network low complexity librehealth CWE-89	6.5
2022-05-05	CVE-2022-29939	Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities. network librehealth CWE-79	3.5
2022-05-05	CVE-2022-29940	Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities. network librehealth CWE-79	3.5

Vulnerabilities > Librehealth {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Librehealth"}]}

Vulnerabilities > Librehealth