Vulnerabilities > Open EMR > Openemr > 5.0.2

DATE CVE VULNERABILITY TITLE RISK
2019-10-21 CVE-2019-17409 Cross-site Scripting vulnerability in Open-Emr Openemr
Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 ia the id parameter.
network
low complexity
open-emr CWE-79
6.1
2019-10-21 CVE-2019-16862 Cross-site Scripting vulnerability in Open-Emr Openemr
Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter.
network
low complexity
open-emr CWE-79
6.1