CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2023-2566 – Cross-site Scripting (XSS) - Stored in openemr/openemr
https://notcve.org/view.php?id=CVE-2023-2566
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. • https://github.com/openemr/openemr/commit/a2adac7320dfc631b1da688c3b04f54b8240fc7b https://huntr.dev/bounties/47d6fc2a-989a-44eb-9cb7-ab4f8bd44496 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-22974
https://notcve.org/view.php?id=CVE-2023-22974
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server. • https://github.com/gbrsh/CVE-2023-22974 https://www.open-emr.org/wiki/index.php/OpenEMR_Patches#7.0.0_Patch_.2811.2F30.2F22.29 https://www.sonarsource.com/blog/openemr-remote-code-execution-in-your-healthcare-system • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2023-22973
https://notcve.org/view.php?id=CVE-2023-22973
A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter. • https://www.open-emr.org/wiki/index.php/OpenEMR_Patches#7.0.0_Patch_.2811.2F30.2F22.29 https://www.sonarsource.com/blog/openemr-remote-code-execution-in-your-healthcare-system • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22972
https://notcve.org/view.php?id=CVE-2023-22972
A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI. • https://www.open-emr.org/wiki/index.php/OpenEMR_Patches#7.0.0_Patch_.2811.2F30.2F22.29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4733 – Cross-site Scripting (XSS) - Stored in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-4733
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2. Cross-Site Scripting (XSS): almacenado en el repositorio de GitHub openemr/openemr anterior a 7.0.0.2. • https://github.com/openemr/openemr/commit/4565d8d1eb80c6aa42cf6b1810ba0a64e0f6abde https://huntr.dev/bounties/f353adfb-e5b8-43e7-957a-894670fd4ccd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •