Vulnerabilities > Open EMR > Openemr > 5.0.0

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor / CWE | Risk |
|---|---|---|---|---|---|---|---|
| 2019-10-04 | CVE-2019-17179 | Cross-site Scripting vulnerability in Open-Emr Openemr | 4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, fixed in version 5.0.2.1 | network | low complexity | open-emr CWE-79 | 6.1 |
| 2019-08-20 | CVE-2019-3968 | OS Command Injection vulnerability in Open-Emr Openemr | In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form. | network | low complexity | open-emr CWE-78 | 8.8 |
| 2019-08-20 | CVE-2019-3967 | Path Traversal vulnerability in Open-Emr Openemr | In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw that allows authenticated attackers to download arbitrary files from the host system. | network | low complexity | open-emr CWE-22 | 6.5 |
| 2019-08-20 | CVE-2019-3966 | Cross-site Scripting vulnerability in Open-Emr Openemr | In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. | network | low complexity | open-emr CWE-79 | 6.1 |
| 2019-08-20 | CVE-2019-3965 | Cross-site Scripting vulnerability in Open-Emr Openemr | In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter. | network | low complexity | open-emr CWE-79 | 6.1 |
| 2019-08-20 | CVE-2019-3964 | Cross-site Scripting vulnerability in Open-Emr Openemr | In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. | network | low complexity | open-emr CWE-79 | 6.1 |
| 2019-08-20 | CVE-2019-3963 | Cross-site Scripting vulnerability in Open-Emr Openemr | In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. | network | low complexity | open-emr CWE-79 | 6.1 |
| 2019-08-13 | CVE-2019-14530 | Path Traversal vulnerability in Open-Emr Openemr | An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. | network | low complexity | open-emr CWE-22 | 8.8 |
| 2019-08-02 | CVE-2019-14529 | SQL Injection vulnerability in Open-Emr Openemr | OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. | network | low complexity | open-emr CWE-89 | critical 9.8 |
| 2019-05-17 | CVE-2018-17181 | SQL Injection vulnerability in Open-Emr Openemr | An issue was discovered in OpenEMR before 5.0.1 Patch 7. | network | low complexity | open-emr CWE-89 | critical 9.8 |