Page 2 of 134 results

CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 1

08 May 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. • https://github.com/openemr/openemr/commit/a2adac7320dfc631b1da688c3b04f54b8240fc7b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Feb 2023 — A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI. • https://www.open-emr.org/wiki/index.php/OpenEMR_Patches#7.0.0_Patch_.2811.2F30.2F22.29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.0 • EPSS: 7% • CPEs: 1 • EXPL: 1

22 Feb 2023 — A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter. • https://www.open-emr.org/wiki/index.php/OpenEMR_Patches#7.0.0_Patch_.2811.2F30.2F22.29 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.8 • EPSS: 2% • CPEs: 1 • EXPL: 2

22 Feb 2023 — A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server. • https://github.com/gbrsh/CVE-2023-22974 • CWE-552: Files or Directories Accessible to External Parties

CVSS: 6.7 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 Dec 2022 — Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2. • https://github.com/openemr/openemr/commit/4565d8d1eb80c6aa42cf6b1810ba0a64e0f6abde • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

19 Dec 2022 — Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2. • https://github.com/openemr/openemr/commit/d5eb41697f7f1bc2c7ee5bc9bbf58684e1c8cc14 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Dec 2022 — Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2. • https://github.com/openemr/openemr/commit/953cb84dfd55fee9d5296668ec7fdb8bf25bcea4 • CWE-284: Improper Access Control

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 Dec 2022 — Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2. • https://github.com/openemr/openemr/commit/37d7ed4855763fc588485f05b2e9cc0944f71879 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 Dec 2022 — Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2. • https://github.com/openemr/openemr/commit/2e7678d812df167ea3c0756382408b670e8aa51f • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 Dec 2022 — Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2. • https://github.com/openemr/openemr/commit/235b1910ffe5296187667277d4e197a0c3a9ac33 • CWE-639: Authorization Bypass Through User-Controlled Key