Vulnerabilities > Openmrs
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-23 | CVE-2017-12796 | Deserialization of Untrusted Data vulnerability in Openmrs The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. | 9.8 |
2017-04-21 | CVE-2017-7990 | Cross-Site Request Forgery (CSRF) vulnerability in Openmrs Module Reporting 1.12.0 The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp. | 8.8 |