CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2493 – Data Access from Outside Expected Data Manager Component in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-2493
22 Jul 2022 — Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0. Un Acceso a Datos desde Fuera del Componente de Administración de Datos Esperado en el repositorio de GitHub openemr/openemr versiones anteriores a 7.0.0 • https://github.com/openemr/openemr/commit/871ae5198d8ca18fd17257ae7c5c906a52dca908 • CWE-1083: Data Access from Outside Expected Data Manager Component •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1461 – Non Privilege User can Enable or Disable Registered in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1461
25 Apr 2022 — Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1. Un Usuario no Privilegiado puede Habilitar o Deshabilitar el Registro en el repositorio de GitHub openemr/openemr versiones anteriores a 6.1.0.1 • https://github.com/openemr/openemr/commit/3af1f4a28a8df0e446043232214ed08cc8e0889d • CWE-639: Authorization Bypass Through User-Controlled Key CWE-1220: Insufficient Granularity of Access Control •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1459 – Non-Privilege User Can View Patient’s Disclosures in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1459
25 Apr 2022 — Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1. Un Usuario no Privilegiado Puede Visualizar las Revelaciones del Paciente en el repositorio de GitHub openemr/openemr versiones anteriores a 6.1.0.1 • https://github.com/openemr/openemr/commit/8f8a97724c0e8fcc4096b4b30af9aaf064ada45a • CWE-639: Authorization Bypass Through User-Controlled Key CWE-1118: Insufficient Documentation of Error Handling Techniques •
CVSS: 7.3EPSS: 1%CPEs: 1EXPL: 1CVE-2022-1458 – Stored XSS Leads To Session Hijacking in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1458
25 Apr 2022 — Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1. Un ataque de tipo XSS almacenado conlleva a un Secuestro de Sesión en el repositorio de GitHub openemr/openemr versiones anteriores a 6.1.0.1 • https://github.com/openemr/openemr/commit/31f08005e53b17d1bc921d23f7ee774930ad416d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 4%CPEs: 1EXPL: 1CVE-2022-1179 – Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1179
30 Mar 2022 — Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Un usuario no privilegiado puede crear una nueva regla y conllevar a una vulnerabilidad de tipo Cross Site Scripting almacenado en el repositorio de GitHub openemr/openemr versiones anteriores a 6.0.0.4 • https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1180 – Reflected Cross Site Scripting in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1180
30 Mar 2022 — Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Una vulnerabilidad de tipo Cross Site Scripting Reflejado en el repositorio de GitHub openemr/openemr versiones anteriores a 6.0.0.4 • https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 4%CPEs: 1EXPL: 1CVE-2022-1181 – Stored Cross Site Scripting in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1181
30 Mar 2022 — Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. Una vulnerabilidad de tipo Cross Site Scripting Almacenado en el repositorio de GitHub openemr/openemr versiones anteriores a 6.0.0.2 • https://github.com/openemr/openemr/commit/2835cc397610fc28037302dad948c38fda032022 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1177 – Accounting User Can Download Patient Reports in openemr in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1177
30 Mar 2022 — Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0. El Usuario de Contabilidad Puede Descargar Informes de Pacientes en openemr en el repositorio de GitHub openemr/openemr versiones anteriores a 6.1.0 • https://github.com/openemr/openemr/commit/a2e918abcf15f9fc1f7cb4a1f2b09ff019021175 • CWE-863: Incorrect Authorization CWE-1220: Insufficient Granularity of Access Control •
CVSS: 7.3EPSS: 4%CPEs: 1EXPL: 1CVE-2022-1178 – Stored Cross Site Scripting in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1178
30 Mar 2022 — Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Una vulnerabilidad de tipo Cross Site Scripting Almacenado en el repositorio de GitHub openemr/openemr versiones anteriores a 6.0.0.4 • https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32103
https://notcve.org/view.php?id=CVE-2021-32103
07 May 2021 — A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allows a admin authenticated user to inject arbitrary web script or HTML via the lname parameter. Una vulnerabilidad de tipo XSS almacenado en el archivo interface/usergroup/usergroup_admin.php en OpenEMR versiones anteriores a 5.0.2.1, permite a un usuario autenticado por un administrador inyectar un script web o HTML arbitrario por medio del parámetro lname • https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •