Vulnerabilities > Openmrs > Openmrs > 2.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-17 | CVE-2020-5733 | Open Redirect vulnerability in Openmrs In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. | 5.8 |
| 2020-04-17 | CVE-2020-5732 | Open Redirect vulnerability in Openmrs In OpenMRS 2.9 and prior, he import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. | 5.8 |
| 2020-04-17 | CVE-2020-5731 | Cross-site Scripting vulnerability in Openmrs In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting. | 4.3 |
| 2020-04-17 | CVE-2020-5730 | Cross-site Scripting vulnerability in Openmrs In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting. | 4.3 |
| 2020-04-17 | CVE-2020-5729 | Cross-site Scripting vulnerability in Openmrs In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. | 4.3 |
| 2020-04-17 | CVE-2020-5728 | Improper Input Validation vulnerability in Openmrs OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). | 4.3 |
| 2017-10-23 | CVE-2017-12796 | Deserialization of Untrusted Data vulnerability in Openmrs The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. | 10.0 |