Vulnerabilities > Openmrs
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-25 | CVE-2020-24621 | Path Traversal vulnerability in Openmrs Htmlformentry A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. | 6.5 |
2020-04-17 | CVE-2020-5733 | Open Redirect vulnerability in Openmrs In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. | 5.8 |
2020-04-17 | CVE-2020-5732 | Open Redirect vulnerability in Openmrs In OpenMRS 2.9 and prior, he import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. | 5.8 |
2020-04-17 | CVE-2020-5731 | Cross-site Scripting vulnerability in Openmrs In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting. | 4.3 |
2020-04-17 | CVE-2020-5730 | Cross-site Scripting vulnerability in Openmrs In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting. | 4.3 |
2020-04-17 | CVE-2020-5729 | Cross-site Scripting vulnerability in Openmrs In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. | 4.3 |
2020-04-17 | CVE-2020-5728 | Improper Input Validation vulnerability in Openmrs OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). | 4.3 |
2019-05-10 | CVE-2017-12795 | Improper Input Validation vulnerability in Openmrs Openmrs-Module-Htmlformentry 3.3.2 OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation). | 7.5 |
2019-03-21 | CVE-2018-19276 | Deserialization of Untrusted Data vulnerability in Openmrs OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body. | 9.8 |
2018-09-05 | CVE-2018-16521 | XXE vulnerability in Openmrs Html Form Entry and Reference Application An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0. | 7.5 |