Vulnerabilities > Openmrs > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-17 | CVE-2020-5733 | Open Redirect vulnerability in Openmrs In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. | 5.8 |
| 2020-04-17 | CVE-2020-5732 | Open Redirect vulnerability in Openmrs In OpenMRS 2.9 and prior, he import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. | 5.8 |
| 2020-04-17 | CVE-2020-5731 | Cross-site Scripting vulnerability in Openmrs In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting. | 4.3 |
| 2020-04-17 | CVE-2020-5730 | Cross-site Scripting vulnerability in Openmrs In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting. | 4.3 |
| 2020-04-17 | CVE-2020-5729 | Cross-site Scripting vulnerability in Openmrs In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. | 4.3 |
| 2020-04-17 | CVE-2020-5728 | Improper Input Validation vulnerability in Openmrs OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). | 4.3 |
| 2017-04-21 | CVE-2017-7990 | Cross-Site Request Forgery (CSRF) vulnerability in Openmrs Module Reporting 1.12.0 The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp. | 6.8 |
| 2014-10-23 | CVE-2014-8073 | Cross-Site Request Forgery (CSRF) vulnerability in Openmrs 2.1 Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the authentication of administrators for requests that add a new user via a Save User action to admin/users/user.form. | 6.8 |
| 2014-10-23 | CVE-2014-8072 | Permissions, Privileges, and Access Controls vulnerability in Openmrs 2.1 The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin. | 4.0 |
| 2014-10-23 | CVE-2014-8071 | Cross-Site Scripting vulnerability in Openmrs 2.1 Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to allergyui/allergy.page; the (6) w10 parameter to htmlformentryui/htmlform/enterHtmlForm/submit.action; the (7) HTTP Referer Header to login.htm; the (8) returnUrl parameter to htmlformentryui/htmlform/enterHtmlFormWithStandardUi.page or (9) coreapps/mergeVisits.page; or the (10) visitId parameter to htmlformentryui/htmlform/enterHtmlFormWithSimpleUi.page. | 4.3 |