Vulnerabilities > Openmrs > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-17 | CVE-2020-5731 | Cross-site Scripting vulnerability in Openmrs In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting. | 6.1 |
| 2020-04-17 | CVE-2020-5730 | Cross-site Scripting vulnerability in Openmrs In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting. | 6.1 |
| 2020-04-17 | CVE-2020-5729 | Cross-site Scripting vulnerability in Openmrs In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. | 6.1 |
| 2020-04-17 | CVE-2020-5728 | Improper Input Validation vulnerability in Openmrs OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). | 6.1 |