Vulnerabilities > Open EMR > Openemr > 5.0.2.1

DATE CVE VULNERABILITY TITLE RISK
2021-05-07 CVE-2021-32101 Incorrect Permission Assignment for Critical Resource vulnerability in Open-Emr Openemr 5.0.2.1
The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php.
network
low complexity
open-emr CWE-732
8.2
2021-05-07 CVE-2021-32102 SQL Injection vulnerability in Open-Emr Openemr 5.0.2.1
A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1.
network
low complexity
open-emr CWE-89
8.8
2021-05-07 CVE-2021-32103 Cross-site Scripting vulnerability in Open-Emr Openemr
A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allows a admin authenticated user to inject arbitrary web script or HTML via the lname parameter.
network
low complexity
open-emr CWE-79
4.8
2021-05-07 CVE-2021-32104 SQL Injection vulnerability in Open-Emr Openemr 5.0.2.1
A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR 5.0.2.1.
network
low complexity
open-emr CWE-89
8.8
2021-03-22 CVE-2021-25922 Cross-site Scripting vulnerability in Open-Emr Openemr
In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly.
network
low complexity
open-emr CWE-79
6.1
2021-03-22 CVE-2021-25921 Cross-site Scripting vulnerability in Open-Emr Openemr
In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section.
network
low complexity
open-emr CWE-79
5.4
2021-03-22 CVE-2021-25920 Improper Handling of Case Sensitivity vulnerability in Open-Emr Openemr
In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the victim user.
network
low complexity
open-emr CWE-178
6.5
2021-03-22 CVE-2021-25919 Cross-site Scripting vulnerability in Open-Emr Openemr
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly.
network
low complexity
open-emr CWE-79
4.8
2021-03-22 CVE-2021-25918 Cross-site Scripting vulnerability in Open-Emr Openemr
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the TOTP Authentication method page.
network
low complexity
open-emr CWE-79
4.8
2021-03-22 CVE-2021-25917 Cross-site Scripting vulnerability in Open-Emr Openemr
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page.
network
low complexity
open-emr CWE-79
4.8