Vulnerabilities > Open EMR > Openemr > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-05-28 CVE-2023-2948 Cross-site Scripting vulnerability in Open-Emr Openemr
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.
network
low complexity
open-emr CWE-79
6.1
6.1
2023-05-28 CVE-2023-2949 Cross-site Scripting vulnerability in Open-Emr Openemr
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.
network
low complexity
open-emr CWE-79
6.1
6.1
2023-05-27 CVE-2023-2947 Cross-site Scripting vulnerability in Open-Emr Openemr
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
network
low complexity
open-emr CWE-79
4.8
4.8
2023-05-27 CVE-2023-2944 Improper Access Control vulnerability in Open-Emr Openemr
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
network
low complexity
open-emr CWE-284
5.4
5.4
2023-05-27 CVE-2023-2945 Missing Authorization vulnerability in Open-Emr Openemr
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.
network
low complexity
open-emr CWE-862
5.4
5.4
2023-05-12 CVE-2023-2674 Improper Access Control vulnerability in Open-Emr Openemr
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
network
low complexity
open-emr CWE-284
4.3
4.3
2023-05-08 CVE-2023-2566 Cross-site Scripting vulnerability in Open-Emr Openemr
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
network
low complexity
open-emr CWE-79
4.8
4.8
2023-02-22 CVE-2023-22972 Cross-site Scripting vulnerability in Open-Emr Openemr
A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI.
network
low complexity
open-emr CWE-79
5.4
5.4
2022-12-15 CVE-2022-4505 Authorization Bypass Through User-Controlled Key vulnerability in Open-Emr Openemr
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2.
network
low complexity
open-emr CWE-639
4.3
4.3
2022-08-15 CVE-2022-2824 Authorization Bypass Through User-Controlled Key vulnerability in Open-Emr Openemr
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.
network
low complexity
open-emr CWE-639
5.4
5.4