| Identifier | Related Record | Severity | Date Published | Description | Versions Affected |
|---|---|---|---|---|---|
| CVE-2021-25921 | BDSA-2021-0752 | Medium | Mar 22, 2021 | In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Alle... | 4.1.2.7, 4.1.2.3, 4.1.1, 4.1.0, 4.0.0, 3.2.0, 3.1.0, 4.1.2, 3.0.1, 3.0.0 |
| CVE-2021-25920 | BDSA-2021-0753 | Medium | Mar 22, 2021 | In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to re... | 4.1.2.7, 4.1.2.3, 4.1.1, 4.1.0, 4.0.0, 3.2.0, 3.1.0, 4.1.2, 3.0.1, 3.0.0 |
| CVE-2020-29143 | | High | Feb 15, 2021 | A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitra... | 4.1.2.7, 4.1.2.3, 4.1.1, 4.1.0, 4.0.0, 3.2.0, 3.1.0, 4.1.2, 3.0.1, 3.0.0 |
| CVE-2020-29142 | BDSA-2020-4177 | High | Feb 15, 2021 | A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute ar... | 4.1.2.7, 4.1.2.3, 4.1.1, 4.1.0, 4.0.0, 3.2.0, 3.1.0, 4.1.2, 3.0.1, 3.0.0 |
| CVE-2020-29140 | | High | Feb 15, 2021 | A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute... | 4.1.2.7, 4.1.2.3, 4.1.1, 4.1.0, 4.0.0, 3.2.0, 3.1.0, 4.1.2, 3.0.1, 3.0.0 |
| CVE-2020-29139 | BDSA-2021-0385 | High | Feb 15, 2021 | A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authentica... | 4.1.2.7, 4.1.2.3, 4.1.1, 4.1.0, 4.0.0, 3.2.0, 3.1.0, 4.1.2, 3.0.1, 3.0.0 |
| CVE-2019-3968 | BDSA-2019-2684 | High | Aug 20, 2019 | In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating... | 4.1.2.7, 4.1.2.3, 4.1.1, 4.1.0, 4.0.0, 3.2.0, 3.1.0, 4.1.2, 3.0.1, 3.0.0 |
| CVE-2019-3967 | BDSA-2019-2682 | Medium | Aug 20, 2019 | In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw that allows authenticated attackers to download a... | 4.1.2.7, 4.1.2.3, 4.1.1, 4.1.0, 4.0.0, 3.2.0, 3.1.0, 4.1.2, 3.0.1, 3.0.0 |
| CVE-2019-3966 | BDSA-2019-2679 | Medium | Aug 20, 2019 | In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. This could allow an attacker to execut... | 4.1.2.7, 4.1.2.3, 4.1.1, 4.1.0, 4.0.0, 3.2.0, 3.1.0, 4.1.2, 3.0.1, 3.0.0 |
| CVE-2019-3965 | BDSA-2019-2674 | Medium | Aug 20, 2019 | In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter. This could allow an attacker to execu... | 4.1.2.7, 4.1.2.3, 4.1.1, 4.1.0, 4.0.0, 3.2.0, 3.1.0, 4.1.2, 3.0.1, 3.0.0 |