Vulnerabilities > Openmrs

DATE CVE VULNERABILITY TITLE RISK
2017-10-23 CVE-2017-12796 Deserialization of Untrusted Data vulnerability in Openmrs
The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects.
network
low complexity
openmrs CWE-502
critical
10.0
2017-04-21 CVE-2017-7990 Cross-Site Request Forgery (CSRF) vulnerability in Openmrs Module Reporting 1.12.0
The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp.
network
openmrs CWE-352
6.8
2014-10-23 CVE-2014-8073 Cross-Site Request Forgery (CSRF) vulnerability in Openmrs 2.1
Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the authentication of administrators for requests that add a new user via a Save User action to admin/users/user.form.
network
openmrs CWE-352
6.8
2014-10-23 CVE-2014-8072 Permissions, Privileges, and Access Controls vulnerability in Openmrs 2.1
The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin.
network
low complexity
openmrs CWE-264
4.0
2014-10-23 CVE-2014-8071 Cross-Site Scripting vulnerability in Openmrs 2.1
Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to allergyui/allergy.page; the (6) w10 parameter to htmlformentryui/htmlform/enterHtmlForm/submit.action; the (7) HTTP Referer Header to login.htm; the (8) returnUrl parameter to htmlformentryui/htmlform/enterHtmlFormWithStandardUi.page or (9) coreapps/mergeVisits.page; or the (10) visitId parameter to htmlformentryui/htmlform/enterHtmlFormWithSimpleUi.page.
network
openmrs CWE-79
4.3