Vulnerabilities > Open EMR > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-02-01 CVE-2020-13563 Cross-site Scripting vulnerability in multiple products
A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7.
network
low complexity
phpgacl-project open-emr CWE-79
6.1
6.1
2021-02-01 CVE-2020-13562 Cross-site Scripting vulnerability in multiple products
A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7.
network
low complexity
phpgacl-project open-emr CWE-79
6.1
6.1
2019-10-21 CVE-2019-17409 Cross-site Scripting vulnerability in Open-Emr Openemr
Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 ia the id parameter.
network
low complexity
open-emr CWE-79
6.1
6.1
2019-10-21 CVE-2019-16862 Cross-site Scripting vulnerability in Open-Emr Openemr
Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter.
network
low complexity
open-emr CWE-79
6.1
6.1
2019-10-04 CVE-2019-17179 Cross-site Scripting vulnerability in Open-Emr Openemr
4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, fixed in version 5.0.2.1
network
low complexity
open-emr CWE-79
6.1
6.1
2019-09-16 CVE-2019-8368 Cross-site Scripting vulnerability in Open-Emr Openemr 5.0.16
OpenEMR v5.0.1-6 allows XSS.
network
low complexity
open-emr CWE-79
6.1
6.1
2019-08-20 CVE-2019-3967 Path Traversal vulnerability in Open-Emr Openemr
In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw that allows authenticated attackers to download arbitrary files from the host system.
network
low complexity
open-emr CWE-22
6.5
6.5
2019-08-20 CVE-2019-3966 Cross-site Scripting vulnerability in Open-Emr Openemr
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter.
network
low complexity
open-emr CWE-79
6.1
6.1
2019-08-20 CVE-2019-3965 Cross-site Scripting vulnerability in Open-Emr Openemr
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter.
network
low complexity
open-emr CWE-79
6.1
6.1
2019-08-20 CVE-2019-3964 Cross-site Scripting vulnerability in Open-Emr Openemr
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter.
network
low complexity
open-emr CWE-79
6.1
6.1