Vulnerabilities > Open EMR

DATE	CVE	VULNERABILITY TITLE	RISK
2023-05-12	CVE-2023-2674	Improper Access Control vulnerability in Open-Emr Openemr Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. network low complexity open-emr CWE-284	4.3
2023-05-08	CVE-2023-2566	Cross-site Scripting vulnerability in Open-Emr Openemr Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. network low complexity open-emr CWE-79	4.8
2023-02-22	CVE-2023-22972	Cross-site Scripting vulnerability in Open-Emr Openemr A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI. network low complexity open-emr CWE-79	5.4
2023-02-22	CVE-2023-22973	Path Traversal vulnerability in Open-Emr Openemr A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter. network low complexity open-emr CWE-22	8.8
2023-02-22	CVE-2023-22974	Files or Directories Accessible to External Parties vulnerability in Open-Emr Openemr A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server. network low complexity open-emr CWE-552	7.5
2022-12-27	CVE-2022-4733	Cross-site Scripting vulnerability in Open-Emr Openemr Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2. network low complexity open-emr CWE-79	4.8
2022-12-19	CVE-2022-4615	Cross-site Scripting vulnerability in Open-Emr Openemr Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2. network low complexity open-emr CWE-79	6.1
2022-12-17	CVE-2022-4567	Improper Access Control vulnerability in Open-Emr Openemr Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2. network low complexity open-emr CWE-284	8.1
2022-12-15	CVE-2022-4502	Cross-site Scripting vulnerability in Open-Emr Openemr Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2. network low complexity open-emr CWE-79	6.1
2022-12-15	CVE-2022-4503	Cross-site Scripting vulnerability in Open-Emr Openemr Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2. network low complexity open-emr CWE-79	6.1

Vulnerabilities > Open EMR {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Open EMR"}]}

Vulnerabilities > Open EMR