Brady Miller - Security Researcher - Exploit Intelligence Platform

CVE-2021-25922 WRITEUP MEDIUM WRITEUP

OpenEMR 4.2.0-6.0.0 - Reflected Cross-Site Scripting

In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly. An attacker could trick a user to click on a malicious url and execute malicious code.

CVSS 6.1

View Code

CVE-2021-25923 WRITEUP HIGH WRITEUP

OpenEMR 5.0.0-6.0.0.1 - Weak Password Requirements

In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account takeover.

CVSS 8.1

View Code

CVE-2022-1178 WRITEUP MEDIUM WRITEUP

OpenEMR < 6.0.0.4 - Stored Cross-Site Scripting

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

CVSS 5.4

View Code

CVE-2022-1179 WRITEUP MEDIUM WRITEUP

OpenEMR < 6.0.0.4 - Stored Cross-Site Scripting via Rule Creation

Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

CVSS 5.4

View Code

CVE-2022-1180 WRITEUP LOW WRITEUP

openemr < 6.0.0.4 - Reflected Cross-Site Scripting

Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

CVSS 3.5

View Code

CVE-2022-2493 WRITEUP HIGH WRITEUP

GitHub openemr/openemr <7.0.0 - Info Disclosure

Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.

CVSS 8.1

View Code

CVE-2022-2494 WRITEUP MEDIUM WRITEUP

OpenEMR < 7.0.0 - Stored Cross-Site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.

CVSS 5.4

View Code

CVE-2022-2729 WRITEUP MEDIUM WRITEUP

OpenEMR < 7.0.0.1 - DOM-Based Cross-Site Scripting

Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.

CVSS 5.4

View Code

CVE-2022-2730 WRITEUP MEDIUM WRITEUP

OpenEMR < 7.0.0.1 - Authorization Bypass Through User-Controlled Key

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.

CVSS 6.5

View Code

CVE-2022-2731 WRITEUP MEDIUM WRITEUP

OpenEMR < 7.0.0.1 - Reflected Cross-Site Scripting

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.

CVSS 6.1

View Code

CVE-2022-2732 WRITEUP HIGH WRITEUP

openemr < 7.0.0.1 - Missing Authorization

Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.

CVSS 8.3

View Code

CVE-2022-2733 WRITEUP MEDIUM WRITEUP

OpenEMR < 7.0.0.1 - Reflected Cross-Site Scripting

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.

CVSS 6.1

View Code

CVE-2022-2734 WRITEUP MEDIUM WRITEUP

openemr/openemr <7.0.0.1 - Info Disclosure

Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.

CVSS 5.4

View Code

CVE-2022-4502 WRITEUP MEDIUM WRITEUP

OpenEMR < 7.0.0.2 - Reflected Cross-Site Scripting

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.

CVSS 6.1

View Code

CVE-2022-4503 WRITEUP MEDIUM WRITEUP

OpenEMR < 7.0.0.2 - Cross-Site Scripting

Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2.

CVSS 6.1

View Code

CVE-2022-4504 WRITEUP HIGH WRITEUP

OpenEMR < 7.0.0.2 - Improper Input Validation

Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2.

CVSS 7.5

View Code

CVE-2022-4506 WRITEUP HIGH WRITEUP

OpenEMR < 7.0.0.2 - Unrestricted Upload of File with Dangerous Type

Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.

CVSS 8.8

View Code

CVE-2022-4567 WRITEUP HIGH WRITEUP

GitHub openemr/openemr <7.0.0.2 - Info Disclosure

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.

CVSS 8.1

View Code

CVE-2022-4733 WRITEUP MEDIUM WRITEUP

OpenEMR < 7.0.0.2 - Stored Cross-Site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.

CVSS 4.8

View Code

CVE-2023-2566 WRITEUP MEDIUM WRITEUP

OpenEMR < 7.0.1 - Stored Cross-Site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.

CVSS 4.8

View Code

CVE-2023-2674 WRITEUP MEDIUM WRITEUP

GitHub openemr/openemr <7.0.1 - Info Disclosure

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.

CVSS 4.3

View Code

CVE-2023-2944 WRITEUP MEDIUM WRITEUP

OpenEMR < 7.0.1 - Improper Access Control

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.

CVSS 5.4

View Code

CVE-2023-2945 WRITEUP MEDIUM WRITEUP

OpenEMR < 7.0.1 - Missing Authorization

Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.

CVSS 5.4

View Code

CVE-2023-2947 WRITEUP MEDIUM WRITEUP

OpenEMR < 7.0.1 - Stored Cross-Site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.

CVSS 4.8

View Code

CVE-2023-2948 WRITEUP MEDIUM WRITEUP

OpenEMR < 7.0.1 - Cross-Site Scripting

Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.

CVSS 6.1

View Code