Vulnerabilities > Open EMR > Openemr > 5.0.1.1

DATE CVE VULNERABILITY TITLE RISK
2019-10-21 CVE-2019-16862 Cross-site Scripting vulnerability in Open-Emr Openemr
Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter.
network
low complexity
open-emr CWE-79
6.1
2019-10-05 CVE-2019-17197 SQL Injection vulnerability in Open-Emr Openemr
OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc.
network
low complexity
open-emr CWE-89
critical
9.8
2019-10-04 CVE-2019-17179 Cross-site Scripting vulnerability in Open-Emr Openemr
4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, fixed in version 5.0.2.1
network
low complexity
open-emr CWE-79
6.1
2019-08-13 CVE-2019-14530 Path Traversal vulnerability in Open-Emr Openemr
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter.
network
low complexity
open-emr CWE-22
8.8
2019-08-02 CVE-2019-14529 SQL Injection vulnerability in Open-Emr Openemr
OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.
network
low complexity
open-emr CWE-89
critical
9.8
2019-05-17 CVE-2018-17181 SQL Injection vulnerability in Open-Emr Openemr
An issue was discovered in OpenEMR before 5.0.1 Patch 7.
network
low complexity
open-emr CWE-89
critical
9.8
2019-05-17 CVE-2018-17180 Path Traversal vulnerability in Open-Emr Openemr
An issue was discovered in OpenEMR before 5.0.1 Patch 7.
network
low complexity
open-emr CWE-22
5.3
2019-05-17 CVE-2018-17179 SQL Injection vulnerability in Open-Emr Openemr
An issue was discovered in OpenEMR before 5.0.1 Patch 7.
network
low complexity
open-emr CWE-89
critical
9.8
2019-04-02 CVE-2018-18035 Cross-site Scripting vulnerability in Open-Emr Openemr
A vulnerability in flashcanvas.swf in OpenEMR before 5.0.1 Patch 6 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
network
low complexity
open-emr CWE-79
6.1
2018-08-15 CVE-2018-15156 OS Command Injection vulnerability in Open-Emr Openemr
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/faxq.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php.
network
low complexity
open-emr CWE-78
8.8