Vulnerabilities > Librehealth > Librehealth EHR > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-05 | CVE-2022-29940 | Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities. | 3.5 |
| 2022-05-05 | CVE-2022-29939 | Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities. | 3.5 |