open-emr
217 tracked vulnerabilities.
CVE-2022-1177
MEDIUM
OpenEMR < 6.1.0 - Insufficient Access Control for Patient Reports
Mar 30, 2022
CVSS 4.3
EPSS 0.03
CVE-2022-24643
MEDIUM
OpenEMR Hospital Information Management System <6.0.0 - XSS
Mar 25, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-25041
MEDIUM
OpenEMR 6.0.0 - Incorrect Access Control
Mar 23, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-25471
HIGH
OpenEMR 6.0.0 - Authenticated Insecure Direct Object Reference via Installer Module
Mar 03, 2022
CVSS 8.1
EPSS 0.01
CVE-2021-47817
MEDIUM
OpenEMR 5.0.2.1 - Authenticated Stored Cross-Site Scripting via User Profile Parameters
Jan 21, 2026
CVSS 5.4
EPSS 0.00
CVE-2021-41843
MEDIUM
OpenEMR 6.0.0 - Authenticated SQL Injection via Calendar Search Provider ID Parameter
Dec 17, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-40352
MEDIUM
OpenEMR 6.0.0 - Unauthenticated Insecure Direct Object Reference via pnotes_print.php noteid Parameter
Sep 01, 2021
CVSS 6.5
EPSS 0.05
CVE-2021-25923
HIGH
OpenEMR 5.0.0-6.0.0.1 - Weak Password Requirements
Jun 24, 2021
CVSS 8.1
EPSS 0.00
CVE-2021-32104
HIGH
OpenEMR 5.0.2.1 - Authenticated SQL Injection in eye_mag/save.php
May 07, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-32103
MEDIUM
OpenEMR < 5.0.2.1 - Authenticated Stored Cross-Site Scripting via lname Parameter
May 07, 2021
CVSS 4.8
EPSS 0.01
CVE-2021-32102
HIGH
OpenEMR 5.0.2.1 - Authenticated SQL Injection in Custom Template AJAX Handler
May 07, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-32101
HIGH
OpenEMR 5.0.2.1 - Unauthenticated Incorrect Permission Assignment for Critical Resource in Patient Portal
May 07, 2021
CVSS 8.2
EPSS 0.00
CVE-2021-25922
MEDIUM
OpenEMR 4.2.0-6.0.0 - Reflected Cross-Site Scripting
Mar 22, 2021
CVSS 6.1
EPSS 0.02
CVE-2021-25921
MEDIUM
OpenEMR 2.7.3-6.0.0 - Stored Cross-Site Scripting in Allergies Section
Mar 22, 2021
CVSS 5.4
EPSS 0.31
CVE-2021-25920
MEDIUM
OpenEMR <6.0.0 - Privilege Escalation
Mar 22, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-25919
MEDIUM
OpenEMR 5.0.2-6.0.0 - Stored Cross-Site Scripting in User Input Fields
Mar 22, 2021
CVSS 4.8
EPSS 0.32
CVE-2021-25918
MEDIUM
OpenEMR 5.0.2-6.0.0 - Stored Cross-Site Scripting in TOTP Authentication Method Page
Mar 22, 2021
CVSS 4.8
EPSS 0.03
CVE-2021-25917
MEDIUM
OpenEMR 5.0.2-6.0.0 - Stored Cross-Site Scripting in U2F USB Device Authentication Page
Mar 22, 2021
CVSS 4.8
EPSS 0.03
CVE-2020-13567
CRITICAL
Open-emr Openemr - SQL Injection
Apr 18, 2022
CVSS 9.8
EPSS 0.00
CVE-2020-13568
HIGH
Open-emr Openemr - SQL Injection
Apr 13, 2021
CVSS 8.8
EPSS 0.00
CVE-2020-13566
HIGH
Open-emr Openemr - SQL Injection
Apr 13, 2021
CVSS 8.8
EPSS 0.00
CVE-2020-29143
HIGH
OpenEMR < 5.0.2.5 - Authenticated SQL Injection via form_code Parameter
Feb 15, 2021
CVSS 7.2
EPSS 0.00
CVE-2020-29140
HIGH
OpenEMR < 5.0.2.5 - Authenticated SQL Injection via Immunization Report form_code Parameter
Feb 15, 2021
CVSS 7.2
EPSS 0.00
CVE-2020-29139
HIGH
OpenEMR < 5.0.2.5 - Authenticated SQL Injection via searchFields Parameter
Feb 15, 2021
CVSS 7.2
EPSS 0.00
CVE-2020-29142
HIGH
OpenEMR < 5.0.2.5 - Authenticated SQL Injection via schedule_facility Parameter
Feb 15, 2021
CVSS 7.2
EPSS 0.00