Vulnerabilities > Open EMR

DATE CVE VULNERABILITY TITLE RISK
2021-06-24 CVE-2021-25923 Weak Password Requirements vulnerability in Open-Emr Openemr
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit.
network
open-emr CWE-521
6.8
2021-05-07 CVE-2021-32101 Incorrect Permission Assignment for Critical Resource vulnerability in Open-Emr Openemr 5.0.2.1
The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php.
network
low complexity
open-emr CWE-732
6.4
2021-05-07 CVE-2021-32102 SQL Injection vulnerability in Open-Emr Openemr 5.0.2.1
A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1.
network
low complexity
open-emr CWE-89
6.5
2021-05-07 CVE-2021-32103 Cross-Site Scripting vulnerability in Open-Emr Openemr
A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allows a admin authenticated user to inject arbitrary web script or HTML via the lname parameter.
network
open-emr CWE-79
3.5
2021-05-07 CVE-2021-32104 SQL Injection vulnerability in Open-Emr Openemr 5.0.2.1
A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR 5.0.2.1.
network
low complexity
open-emr CWE-89
6.5
2021-04-13 CVE-2020-13568 SQL Injection vulnerability in multiple products
SQL injection vulnerability exists in phpGACL 3.3.7.
network
low complexity
open-emr phpgacl-project CWE-89
6.5
2021-04-13 CVE-2020-13566 SQL Injection vulnerability in multiple products
SQL injection vulnerabilities exist in phpGACL 3.3.7.
network
low complexity
open-emr phpgacl-project CWE-89
6.5
2021-03-22 CVE-2021-25922 Cross-Site Scripting vulnerability in Open-Emr Openemr
In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly.
network
open-emr CWE-79
4.3
2021-03-22 CVE-2021-25921 Cross-Site Scripting vulnerability in Open-Emr Openemr
In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section.
network
open-emr CWE-79
3.5
2021-03-22 CVE-2021-25920 Incorrect Authorization vulnerability in Open-Emr Openemr
In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the victim user.
network
low complexity
open-emr CWE-863
5.5