Vulnerabilities > Openmrs > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-10 | CVE-2021-43094 | SQL Injection vulnerability in Openmrs An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <=2.4.0 via GET requests on arbitrary parameters in patient.page. | 9.8 |
| 2019-05-10 | CVE-2017-12795 | Improper Input Validation vulnerability in Openmrs Openmrs-Module-Htmlformentry 3.3.2 OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation). | 9.8 |
| 2019-03-21 | CVE-2018-19276 | Deserialization of Untrusted Data vulnerability in Openmrs OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body. | 9.8 |
| 2018-09-05 | CVE-2018-16521 | XXE vulnerability in Openmrs Html Form Entry and Reference Application An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0. | 9.8 |
| 2017-10-23 | CVE-2017-12796 | Deserialization of Untrusted Data vulnerability in Openmrs The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. | 9.8 |