Vulnerabilities > Open EMR > Openemr > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-25 | CVE-2022-1458 | Cross-site Scripting vulnerability in Open-Emr Openemr Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1. | 3.5 |
| 2022-03-30 | CVE-2022-1181 | Cross-site Scripting vulnerability in Open-Emr Openemr Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. | 3.5 |
| 2022-03-30 | CVE-2022-1180 | Cross-site Scripting vulnerability in Open-Emr Openemr Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. | 3.5 |
| 2022-03-30 | CVE-2022-1179 | Cross-site Scripting vulnerability in Open-Emr Openemr Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. | 3.5 |
| 2022-03-30 | CVE-2022-1178 | Cross-site Scripting vulnerability in Open-Emr Openemr Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. | 3.5 |
| 2022-03-25 | CVE-2022-24643 | Cross-site Scripting vulnerability in Open-Emr Openemr 6.0.0 A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0. | 3.5 |
| 2021-05-07 | CVE-2021-32103 | Cross-site Scripting vulnerability in Open-Emr Openemr A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allows a admin authenticated user to inject arbitrary web script or HTML via the lname parameter. | 3.5 |
| 2021-03-22 | CVE-2021-25917 | Cross-site Scripting vulnerability in Open-Emr Openemr 5.0.2/5.0.2.1/5.0.2.5 In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page. | 3.5 |
| 2021-03-22 | CVE-2021-25918 | Cross-site Scripting vulnerability in Open-Emr Openemr 5.0.2/5.0.2.1/5.0.2.5 In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the TOTP Authentication method page. | 3.5 |
| 2021-03-22 | CVE-2021-25919 | Cross-site Scripting vulnerability in Open-Emr Openemr 5.0.2/5.0.2.1/5.0.2.5 In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. | 3.5 |