Vulnerabilities > Openclinic Project > Openclinic > 0.8.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-03 | CVE-2020-28939 | Unrestricted Upload of File with Dangerous Type vulnerability in Openclinic Project Openclinic 0.8.2 OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. | 7.2 |
| 2020-12-03 | CVE-2020-28938 | Cross-site Scripting vulnerability in Openclinic Project Openclinic 0.8.2 OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in lib/Check.php that allows users of the application to force actions on behalf of other users. | 5.4 |
| 2020-12-03 | CVE-2020-28937 | Forced Browsing vulnerability in Openclinic Project Openclinic 0.8.2 OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request for the /tests/ URI. | 7.5 |