Vulnerabilities > Librehealth > Librehealth EHR > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-08 | CVE-2022-31497 | Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS. | 6.1 |
| 2022-06-07 | CVE-2022-31495 | Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS. | 6.1 |
| 2022-06-06 | CVE-2022-31494 | Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS. | 6.1 |
| 2022-06-06 | CVE-2022-31498 | Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS. | 6.1 |
| 2022-06-06 | CVE-2022-31492 | Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username. | 6.1 |
| 2022-06-06 | CVE-2022-31493 | Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. | 6.1 |
| 2022-05-05 | CVE-2022-29939 | Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities. | 5.4 |
| 2022-05-05 | CVE-2022-29940 | Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities. | 5.4 |
| 2020-07-15 | CVE-2020-11437 | SQL Injection vulnerability in Librehealth EHR 2.0.0 LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database. | 4.3 |
| 2018-08-20 | CVE-2018-1000645 | Information Exposure vulnerability in Librehealth EHR 1.0.0/1.0.1 LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. | 6.5 |