Vulnerabilities > Open EMR > Openemr > 5.0.2

DATE CVE VULNERABILITY TITLE RISK
2021-06-24 CVE-2021-25923 Weak Password Requirements vulnerability in Open-Emr Openemr
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit.
network
high complexity
open-emr CWE-521
8.1
8.1
2021-05-07 CVE-2021-32103 Cross-site Scripting vulnerability in Open-Emr Openemr
A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allows a admin authenticated user to inject arbitrary web script or HTML via the lname parameter.
network
low complexity
open-emr CWE-79
4.8
4.8
2021-04-13 CVE-2020-13568 SQL Injection vulnerability in multiple products
SQL injection vulnerability exists in phpGACL 3.3.7.
network
low complexity
open-emr phpgacl-project CWE-89
8.8
8.8
2021-04-13 CVE-2020-13566 SQL Injection vulnerability in multiple products
SQL injection vulnerabilities exist in phpGACL 3.3.7.
network
low complexity
open-emr phpgacl-project CWE-89
8.8
8.8
2021-03-22 CVE-2021-25922 Cross-site Scripting vulnerability in Open-Emr Openemr
In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly.
network
low complexity
open-emr CWE-79
6.1
6.1
2021-03-22 CVE-2021-25921 Cross-site Scripting vulnerability in Open-Emr Openemr
In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section.
network
low complexity
open-emr CWE-79
5.4
5.4
2021-03-22 CVE-2021-25920 Improper Handling of Case Sensitivity vulnerability in Open-Emr Openemr
In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the victim user.
network
low complexity
open-emr CWE-178
6.5
6.5
2021-03-22 CVE-2021-25919 Cross-site Scripting vulnerability in Open-Emr Openemr
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly.
network
low complexity
open-emr CWE-79
4.8
4.8
2021-03-22 CVE-2021-25918 Cross-site Scripting vulnerability in Open-Emr Openemr
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the TOTP Authentication method page.
network
low complexity
open-emr CWE-79
4.8
4.8
2021-03-22 CVE-2021-25917 Cross-site Scripting vulnerability in Open-Emr Openemr
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page.
network
low complexity
open-emr CWE-79
4.8
4.8