open-emr
217 tracked vulnerabilities.
CVE-2025-32794
HIGH
OpenEMR < 7.0.3.4 - Authenticated Stored Cross-Site Scripting via Patient Name Fields
May 23, 2025
CVSS 7.6
EPSS 0.01
CVE-2025-31121
MEDIUM
OpenEMR < 7.0.3.1 - Stored Cross-Site Scripting via EXIF Title in Patient Image
Apr 01, 2025
CVSS 5.4
EPSS 0.11
CVE-2025-31117
HIGH
OpenEMR < 7.0.3.1 - Server-Side Request Forgery
Mar 31, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-30161
MEDIUM
OpenEMR < 7.0.3 - Stored Cross-Site Scripting in Bronchitis Form
Mar 31, 2025
CVSS 5.4
EPSS 0.09
CVE-2025-30149
MEDIUM
OpenEMR < 7.0.3 - Reflected Cross-Site Scripting via AJAX Script Target Parameter
Mar 31, 2025
CVSS 6.4
EPSS 0.01
CVE-2025-29772
MEDIUM
OpenEMR < 7.0.3 - Reflected Cross-Site Scripting via hidden_subcategory Parameter
Mar 31, 2025
CVSS 6.1
EPSS 0.01
CVE-2025-29789
HIGH
OpenEMR < 7.0.3 - Path Traversal via Load Code Feature
Mar 25, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-22611
CRITICAL
OpenEMR 7.0.2 - SQL Injection via Pharmacy Class and Controller
Apr 03, 2025
CVSS 9.8
EPSS 0.00
CVE-2024-0875
MEDIUM
OpenEMR 7.0.1 - Stored Cross-Site Scripting via Secure Messaging InputBody Field
Nov 15, 2024
CVSS 4.8
EPSS 0.06
CVE-2024-37734
CRITICAL
OpenEMR 7.0.2 - Privilege Escalation
Jun 26, 2024
CVSS 9.8
EPSS 0.04
CVE-2024-26476
LOW
OpenEMR < 7.0.2 - Server-Side Request Forgery via ereq_form.php formid Parameter
Feb 28, 2024
CVSS 3.5
EPSS 0.00
CVE-2023-54347
HIGH
OpenEMR 7.0.1 Authentication Brute Force Mitigation Bypass
May 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2023-2950
HIGH
OpenEMR < 7.0.1 - Improper Authorization
May 28, 2023
CVSS 8.1
EPSS 0.00
CVE-2023-2949
MEDIUM
NUCLEI
OpenEMR < 7.0.1 - Reflected Cross-Site Scripting
May 28, 2023
CVSS 6.1
EPSS 0.72
CVE-2023-2948
MEDIUM
NUCLEI
OpenEMR < 7.0.1 - Cross-Site Scripting
May 28, 2023
CVSS 6.1
EPSS 0.84
CVE-2023-2947
MEDIUM
OpenEMR < 7.0.1 - Stored Cross-Site Scripting
May 27, 2023
CVSS 4.8
EPSS 0.23
CVE-2023-2946
HIGH
OpenEMR < 7.0.1 - Improper Access Control
May 27, 2023
CVSS 8.1
EPSS 0.00
CVE-2023-2945
MEDIUM
OpenEMR < 7.0.1 - Missing Authorization
May 27, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-2944
MEDIUM
OpenEMR < 7.0.1 - Improper Access Control
May 27, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-2943
HIGH
OpenEMR < 7.0.1 - Code Injection
May 27, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-2942
HIGH
OpenEMR < 7.0.1 - Improper Input Validation
May 27, 2023
CVSS 8.1
EPSS 0.00
CVE-2023-2674
MEDIUM
GitHub openemr/openemr < 7.0.1 - Info Disclosure
May 12, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-2566
MEDIUM
OpenEMR < 7.0.1 - Stored Cross-Site Scripting
May 08, 2023
CVSS 4.8
EPSS 0.23
CVE-2023-22974
HIGH
OpenEMR < 7.0.0 - Unauthenticated Path Traversal via setup.php MySQL Connection
Feb 22, 2023
CVSS 7.5
EPSS 0.04
CVE-2023-22973
HIGH
OpenEMR < 7.0.0 - Authenticated Local File Inclusion via formname Parameter
Feb 22, 2023
CVSS 8.8
EPSS 0.01