open-emr

217 tracked vulnerabilities.

CVE-2018-17179 CRITICAL
OpenEMR < 5.0.1.7 - SQL Injection via taskman.php
May 17, 2019
CVSS 9.8
EPSS 0.12
CVE-2018-18035 MEDIUM
OpenEMR < 5.0.1.6 - Unauthenticated Cross-Site Scripting via flashcanvas.swf
Apr 02, 2019
CVSS 6.1
EPSS 0.01
CVE-2018-1000219 MEDIUM
OpenEMR v5_0_1_4 - Authenticated Cross-Site Scripting via 'scan' Parameter
Aug 20, 2018
CVSS 5.4
EPSS 0.00
CVE-2018-1000218 MEDIUM
OpenEMR v5_0_1_4 - Authenticated Stored Cross-Site Scripting via Fax View File Parameter
Aug 20, 2018
CVSS 5.4
EPSS 0.00
CVE-2018-15156 HIGH
OpenEMR < 5.0.1.4 - Command Injection
Aug 15, 2018
CVSS 8.8
EPSS 0.04
CVE-2018-15155 HIGH
OpenEMR < 5.0.1.4 - Command Injection
Aug 15, 2018
CVSS 8.8
EPSS 0.04
CVE-2018-15154 HIGH
OpenEMR < 5.0.1.4 - Command Injection
Aug 15, 2018
CVSS 8.8
EPSS 0.05
CVE-2018-15153 HIGH
OpenEMR < 5.0.1.4 - Command Injection
Aug 15, 2018
CVSS 8.8
EPSS 0.49
CVE-2018-15152 CRITICAL
OpenEMR < 5.0.1.4 - Unauthenticated Authentication Bypass via Patient Portal Registration
Aug 15, 2018
CVSS 9.1
EPSS 0.09
CVE-2018-15151 HIGH
OpenEMR < 5.0.1.3 - Authenticated SQL Injection via search_term Parameter
Aug 15, 2018
CVSS 8.8
EPSS 0.00
CVE-2018-15150 HIGH
OpenEMR < 5.0.1.3 - Authenticated SQL Injection via temporary_files_dir Parameter
Aug 15, 2018
CVSS 8.8
EPSS 0.00
CVE-2018-15149 HIGH
OpenEMR < 5.0.1.3 - Authenticated SQL Injection via Encounter Parameter
Aug 15, 2018
CVSS 8.8
EPSS 0.00
CVE-2018-15148 HIGH
OpenEMR < 5.0.1.3 - Authenticated SQL Injection via Text Parameter
Aug 15, 2018
CVSS 8.8
EPSS 0.00
CVE-2018-15147 HIGH
OpenEMR < 5.0.1.3 - Authenticated SQL Injection via 'id' Parameter
Aug 15, 2018
CVSS 8.8
EPSS 0.00
CVE-2018-15146 HIGH
OpenEMR < 5.0.1.3 - Authenticated SQL Injection via search_term Parameter
Aug 15, 2018
CVSS 8.8
EPSS 0.00
CVE-2018-15145 CRITICAL
OpenEMR < 5.0.1.4 - SQL Injection via eid, userid or pid Parameter
Aug 13, 2018
CVSS 9.8
EPSS 0.00
CVE-2018-15144 HIGH
OpenEMR < 5.0.1.4 - Authenticated SQL Injection via search_term Parameter
Aug 13, 2018
CVSS 8.8
EPSS 0.00
CVE-2018-15143 CRITICAL
OpenEMR < 5.0.1.4 - SQL Injection via catid or providerid Parameter
Aug 13, 2018
CVSS 9.8
EPSS 0.00
CVE-2018-15142 HIGH
OpenEMR < 5.0.1.4 - Authenticated Path Traversal and Arbitrary PHP File Write via Patient Portal Import Template
Aug 13, 2018
CVSS 8.8
EPSS 0.01
CVE-2018-15141 MEDIUM
OpenEMR < 5.0.1.4 - Authenticated Path Traversal via Patient Portal Import Template
Aug 13, 2018
CVSS 6.5
EPSS 0.02
CVE-2018-15140 MEDIUM
OpenEMR < 5.0.1.4 - Authenticated Path Traversal via Patient Portal Import Template
Aug 13, 2018
CVSS 6.5
EPSS 0.02
CVE-2018-15139 HIGH
OpenEMR < 5.0.1.4 - Authenticated Arbitrary PHP File Upload via Site Files Manager
Aug 13, 2018
CVSS 8.8
EPSS 0.78
CVE-2018-9250 HIGH
OpenEMR < 5.0.1.1 - Authenticated SQL Injection via newlistname Parameter
May 18, 2018
CVSS 8.8
EPSS 0.25
CVE-2018-10573 HIGH
OpenEMR < 5.0.1 - Authenticated Access Control Bypass via Fax Dispatch Scan Parameter
Apr 30, 2018
CVSS 8.8
EPSS 0.01
CVE-2018-10572 MEDIUM
OpenEMR < 5.0.1 - Authenticated Access Control Bypass via Letter Template Parameters
Apr 30, 2018
CVSS 6.5
EPSS 0.00