Vulnerabilities > Open EMR

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-09-16 | CVE-2019-8368 | Cross-site Scripting vulnerability in Open-Emr Openemr 5.0.16 | OpenEMR v5.0.1-6 allows XSS. | network | low complexity | open-emr | CWE-79 | 6.1 |
| 2019-09-16 | CVE-2019-8371 | Unrestricted Upload of File with Dangerous Type vulnerability in Open-Emr Openemr 5.0.16 | OpenEMR v5.0.1-6 allows code execution. | network | low complexity | open-emr | CWE-434 | 7.2 |
| 2019-08-20 | CVE-2019-3968 | OS Command Injection vulnerability in Open-Emr Openemr | In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form. | network | low complexity | open-emr | CWE-78 | 8.8 |
| 2019-08-20 | CVE-2019-3967 | Path Traversal vulnerability in Open-Emr Openemr | In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw that allows authenticated attackers to download arbitrary files from the host system. | network | low complexity | open-emr | CWE-22 | 6.5 |
| 2019-08-20 | CVE-2019-3966 | Cross-site Scripting vulnerability in Open-Emr Openemr | In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. | network | low complexity | open-emr | CWE-79 | 6.1 |
| 2019-08-20 | CVE-2019-3965 | Cross-site Scripting vulnerability in Open-Emr Openemr | In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter. | network | low complexity | open-emr | CWE-79 | 6.1 |
| 2019-08-20 | CVE-2019-3964 | Cross-site Scripting vulnerability in Open-Emr Openemr | In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. | network | low complexity | open-emr | CWE-79 | 6.1 |
| 2019-08-20 | CVE-2019-3963 | Cross-site Scripting vulnerability in Open-Emr Openemr | In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. | network | low complexity | open-emr | CWE-79 | 6.1 |
| 2019-08-13 | CVE-2019-14530 | Path Traversal vulnerability in Open-Emr Openemr | An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. | network | low complexity | open-emr | CWE-22 | 8.8 |
| 2019-08-02 | CVE-2019-14529 | SQL Injection vulnerability in Open-Emr Openemr | OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. | network | low complexity | open-emr | CWE-89 | 9.8 (critical) |