Vulnerabilities > Openmrs > Openmrs > 2.6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-17 | CVE-2020-5733 | Open Redirect vulnerability in Openmrs In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. | 5.8 |
| 2020-04-17 | CVE-2020-5732 | Open Redirect vulnerability in Openmrs In OpenMRS 2.9 and prior, he import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. | 5.8 |
| 2020-04-17 | CVE-2020-5731 | Cross-site Scripting vulnerability in Openmrs In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting. | 4.3 |
| 2020-04-17 | CVE-2020-5730 | Cross-site Scripting vulnerability in Openmrs In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting. | 4.3 |
| 2020-04-17 | CVE-2020-5729 | Cross-site Scripting vulnerability in Openmrs In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. | 4.3 |
| 2020-04-17 | CVE-2020-5728 | Improper Input Validation vulnerability in Openmrs OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). | 4.3 |