Vulnerabilities > Open EMR > Openemr > 5.0.1.4

DATE CVE VULNERABILITY TITLE RISK
2019-10-21 CVE-2019-16862 Cross-site Scripting vulnerability in Open-Emr Openemr
Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter.
network
low complexity
open-emr CWE-79
6.1
6.1
2019-10-05 CVE-2019-17197 SQL Injection vulnerability in Open-Emr Openemr
OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc.
network
low complexity
open-emr CWE-89
critical
 9.8
9.8
2019-10-04 CVE-2019-17179 Cross-site Scripting vulnerability in Open-Emr Openemr
4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, fixed in version 5.0.2.1
network
low complexity
open-emr CWE-79
6.1
6.1
2019-08-13 CVE-2019-14530 Path Traversal vulnerability in Open-Emr Openemr
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter.
network
low complexity
open-emr CWE-22
8.8
8.8
2019-08-02 CVE-2019-14529 SQL Injection vulnerability in Open-Emr Openemr
OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.
network
low complexity
open-emr CWE-89
critical
 9.8
9.8
2019-05-17 CVE-2018-17181 SQL Injection vulnerability in Open-Emr Openemr
An issue was discovered in OpenEMR before 5.0.1 Patch 7.
network
low complexity
open-emr CWE-89
critical
 9.8
9.8
2019-05-17 CVE-2018-17180 Path Traversal vulnerability in Open-Emr Openemr
An issue was discovered in OpenEMR before 5.0.1 Patch 7.
network
low complexity
open-emr CWE-22
5.3
5.3
2019-05-17 CVE-2018-17179 SQL Injection vulnerability in Open-Emr Openemr
An issue was discovered in OpenEMR before 5.0.1 Patch 7.
network
low complexity
open-emr CWE-89
critical
 9.8
9.8
2019-04-02 CVE-2018-18035 Cross-site Scripting vulnerability in Open-Emr Openemr
A vulnerability in flashcanvas.swf in OpenEMR before 5.0.1 Patch 6 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
network
low complexity
open-emr CWE-79
6.1
6.1
2018-08-20 CVE-2018-1000219 Cross-site Scripting vulnerability in Open-Emr Openemr 5.0.1.4
OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'scan' parameter in line #41 of interface/fax/fax_view.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML..
network
low complexity
open-emr CWE-79
5.4
5.4