Vulnerabilities > Librehealth > Librehealth EHR > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-08 | CVE-2022-31497 | Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS. | 4.3 |
| 2022-06-07 | CVE-2022-31495 | Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS. | 4.3 |
| 2022-06-06 | CVE-2022-31494 | Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS. | 4.3 |
| 2022-06-06 | CVE-2022-31498 | Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS. | 4.3 |
| 2022-06-06 | CVE-2022-31492 | Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username. | 4.3 |
| 2022-06-06 | CVE-2022-31493 | Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. | 4.3 |
| 2022-05-05 | CVE-2022-29938 | SQL Injection vulnerability in Librehealth EHR 2.0.0 In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection. | 6.5 |
| 2020-09-01 | CVE-2020-23829 | Unrestricted Upload of File with Dangerous Type vulnerability in Librehealth EHR 2.0.0 interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image. | 6.5 |
| 2020-07-15 | CVE-2020-11438 | Cross-Site Request Forgery (CSRF) vulnerability in Librehealth EHR 2.0.0 LibreHealth EMR v2.0.0 is affected by systemic CSRF. | 6.8 |
| 2020-07-15 | CVE-2020-11437 | SQL Injection vulnerability in Librehealth EHR 2.0.0 LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database. | 4.0 |