Vulnerabilities > Open EMR > Openemr > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-22 | CVE-2021-25921 | Cross-site Scripting vulnerability in Open-Emr Openemr In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. | 3.5 |
| 2018-08-20 | CVE-2018-1000218 | Cross-site Scripting vulnerability in Open-Emr Openemr 5.0.1.4 OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'file' parameter in line #43 of interface/fax/fax_view.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.. | 3.5 |
| 2018-08-20 | CVE-2018-1000219 | Cross-site Scripting vulnerability in Open-Emr Openemr 5.0.1.4 OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'scan' parameter in line #41 of interface/fax/fax_view.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.. | 3.5 |
| 2017-11-17 | CVE-2017-1000240 | Cross-site Scripting vulnerability in Open-Emr Openemr The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. | 3.5 |