Vulnerabilities > Open EMR

DATE CVE VULNERABILITY TITLE RISK
2021-09-01 CVE-2021-40352 Information Exposure Through Log Files vulnerability in Open-Emr Openemr 6.0.0
OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users.
network
low complexity
open-emr CWE-532
4.0
2021-06-24 CVE-2021-25923 Weak Password Requirements vulnerability in Open-Emr Openemr
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit.
network
open-emr CWE-521
6.8
2021-05-07 CVE-2021-32101 Incorrect Permission Assignment for Critical Resource vulnerability in Open-Emr Openemr 5.0.2.1
The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php.
network
low complexity
open-emr CWE-732
6.4
2021-05-07 CVE-2021-32102 SQL Injection vulnerability in Open-Emr Openemr 5.0.2.1
A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1.
network
low complexity
open-emr CWE-89
6.5
2021-05-07 CVE-2021-32103 Cross-site Scripting vulnerability in Open-Emr Openemr
A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allows a admin authenticated user to inject arbitrary web script or HTML via the lname parameter.
network
open-emr CWE-79
3.5
2021-05-07 CVE-2021-32104 SQL Injection vulnerability in Open-Emr Openemr 5.0.2.1
A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR 5.0.2.1.
network
low complexity
open-emr CWE-89
6.5
2021-04-13 CVE-2020-13568 SQL Injection vulnerability in multiple products
SQL injection vulnerability exists in phpGACL 3.3.7.
network
low complexity
open-emr phpgacl-project CWE-89
6.5
2021-04-13 CVE-2020-13566 SQL Injection vulnerability in multiple products
SQL injection vulnerabilities exist in phpGACL 3.3.7.
network
low complexity
open-emr phpgacl-project CWE-89
6.5
2021-03-22 CVE-2021-25922 Cross-site Scripting vulnerability in Open-Emr Openemr
In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly.
network
open-emr CWE-79
4.3
2021-03-22 CVE-2021-25921 Cross-site Scripting vulnerability in Open-Emr Openemr
In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section.
network
open-emr CWE-79
3.5