Vulnerabilities > Librehealth > Librehealth EHR > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-15 | CVE-2020-11436 | Cross-site Scripting vulnerability in Librehealth EHR 2.0.0: LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators. | 6.0 |
2018-12-20 | CVE-2018-1000839 | Unrestricted Upload of File with Dangerous Type vulnerability in Librehealth EHR 2.0.0: LH-EHR version REL-2_0_0 contains an Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. | 6.5 |
2018-08-20 | CVE-2018-1000650 | SQL Injection vulnerability in Librehealth EHR 2.0.0: LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in the ability to perform malicious database queries. | 6.5 |
2018-08-20 | CVE-2018-1000649 | Incorrect Permission Assignment for Critical Resource vulnerability in Librehealth EHR 2.0.0: LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in writing files with malicious content and may lead to remote code execution. | 6.5 |
2018-08-20 | CVE-2018-1000648 | Improper Privilege Management vulnerability in Librehealth EHR 2.0.0: LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in writing files with malicious content and may lead to remote code execution. | 6.5 |
2018-08-20 | CVE-2018-1000647 | Improper Input Validation vulnerability in Librehealth EHR 2.0.0: LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Deletion vulnerability in Import template that can result in denial of service. | 5.5 |
2018-08-20 | CVE-2018-1000646 | Unrestricted Upload of File with Dangerous Type vulnerability in Librehealth EHR 2.0.0: LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in writing files with malicious content and may lead to remote code execution. | 6.5 |
2018-08-20 | CVE-2018-1000645 | Information Exposure vulnerability in Librehealth EHR: LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in the importing of templates that allows local file disclosure and can result in disclosure of sensitive files on the server. | 4.0 |