
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-23 | CVE-2017-12796 | Deserialization of Untrusted Data vulnerability in Openmrs. The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. | network, low complexity; openmrs CWE-502; critical 9.8 |
| 2017-04-21 | CVE-2017-7990 | Cross-Site Request Forgery (CSRF) vulnerability in Openmrs Module Reporting 1.12.0. The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp. | network, low complexity; openmrs CWE-352; 8.8 |