Vulnerabilities > Openmrs

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
| --- | --- | --- | --- | --- |
| 2020-09-25 | CVE-2020-24621 | Path Traversal vulnerability in Openmrs Htmlformentry | A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. | network, low complexity, openmrs CWE-22, 6.5 |
| 2020-04-17 | CVE-2020-5733 | Open Redirect vulnerability in Openmrs | In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. | network, openmrs CWE-601, 5.8 |
| 2020-04-17 | CVE-2020-5732 | Open Redirect vulnerability in Openmrs | In OpenMRS 2.9 and prior, the import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. | network, openmrs CWE-601, 5.8 |
| 2020-04-17 | CVE-2020-5731 | Cross-site Scripting vulnerability in Openmrs | In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting. | network, openmrs CWE-79, 4.3 |
| 2020-04-17 | CVE-2020-5730 | Cross-site Scripting vulnerability in Openmrs | In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting. | network, openmrs CWE-79, 4.3 |
| 2020-04-17 | CVE-2020-5729 | Cross-site Scripting vulnerability in Openmrs | In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. | network, openmrs CWE-79, 4.3 |
| 2020-04-17 | CVE-2020-5728 | Improper Input Validation vulnerability in Openmrs | OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). | network, openmrs CWE-20, 4.3 |
| 2019-05-10 | CVE-2017-12795 | Improper Input Validation vulnerability in Openmrs Openmrs-Module-Htmlformentry 3.3.2 | OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation). | network, low complexity, openmrs CWE-20, 7.5 |
| 2019-03-21 | CVE-2018-19276 | Deserialization of Untrusted Data vulnerability in Openmrs | OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body. | network, low complexity, openmrs CWE-502, critical, 9.8 |
| 2018-09-05 | CVE-2018-16521 | XXE vulnerability in Openmrs Html Form Entry and Reference Application | An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0. | network, low complexity, openmrs CWE-611, 7.5 |