CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2493 – Data Access from Outside Expected Data Manager Component in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-2493
22 Jul 2022 — Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0. Un Acceso a Datos desde Fuera del Componente de Administración de Datos Esperado en el repositorio de GitHub openemr/openemr versiones anteriores a 7.0.0 • https://github.com/openemr/openemr/commit/871ae5198d8ca18fd17257ae7c5c906a52dca908 • CWE-1083: Data Access from Outside Expected Data Manager Component •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1461 – Non Privilege User can Enable or Disable Registered in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1461
25 Apr 2022 — Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1. Un Usuario no Privilegiado puede Habilitar o Deshabilitar el Registro en el repositorio de GitHub openemr/openemr versiones anteriores a 6.1.0.1 • https://github.com/openemr/openemr/commit/3af1f4a28a8df0e446043232214ed08cc8e0889d • CWE-639: Authorization Bypass Through User-Controlled Key CWE-1220: Insufficient Granularity of Access Control •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1459 – Non-Privilege User Can View Patient’s Disclosures in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1459
25 Apr 2022 — Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1. Un Usuario no Privilegiado Puede Visualizar las Revelaciones del Paciente en el repositorio de GitHub openemr/openemr versiones anteriores a 6.1.0.1 • https://github.com/openemr/openemr/commit/8f8a97724c0e8fcc4096b4b30af9aaf064ada45a • CWE-639: Authorization Bypass Through User-Controlled Key CWE-1118: Insufficient Documentation of Error Handling Techniques •
CVSS: 7.3EPSS: 1%CPEs: 1EXPL: 1CVE-2022-1458 – Stored XSS Leads To Session Hijacking in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1458
25 Apr 2022 — Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1. Un ataque de tipo XSS almacenado conlleva a un Secuestro de Sesión en el repositorio de GitHub openemr/openemr versiones anteriores a 6.1.0.1 • https://github.com/openemr/openemr/commit/31f08005e53b17d1bc921d23f7ee774930ad416d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2020-13567
https://notcve.org/view.php?id=CVE-2020-13567
18 Apr 2022 — Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. Se presentan múltiples vulnerabilidades de inyección SQL en phpGACL versión 3.3.7. Una petición HTTP especialmente diseñada puede conllevar a una inyección SQL. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1179 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 4%CPEs: 1EXPL: 1CVE-2022-1179 – Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1179
30 Mar 2022 — Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Un usuario no privilegiado puede crear una nueva regla y conllevar a una vulnerabilidad de tipo Cross Site Scripting almacenado en el repositorio de GitHub openemr/openemr versiones anteriores a 6.0.0.4 • https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1180 – Reflected Cross Site Scripting in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1180
30 Mar 2022 — Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Una vulnerabilidad de tipo Cross Site Scripting Reflejado en el repositorio de GitHub openemr/openemr versiones anteriores a 6.0.0.4 • https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 4%CPEs: 1EXPL: 1CVE-2022-1181 – Stored Cross Site Scripting in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1181
30 Mar 2022 — Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. Una vulnerabilidad de tipo Cross Site Scripting Almacenado en el repositorio de GitHub openemr/openemr versiones anteriores a 6.0.0.2 • https://github.com/openemr/openemr/commit/2835cc397610fc28037302dad948c38fda032022 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1177 – Accounting User Can Download Patient Reports in openemr in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1177
30 Mar 2022 — Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0. El Usuario de Contabilidad Puede Descargar Informes de Pacientes en openemr en el repositorio de GitHub openemr/openemr versiones anteriores a 6.1.0 • https://github.com/openemr/openemr/commit/a2e918abcf15f9fc1f7cb4a1f2b09ff019021175 • CWE-863: Incorrect Authorization CWE-1220: Insufficient Granularity of Access Control •
CVSS: 7.3EPSS: 4%CPEs: 1EXPL: 1CVE-2022-1178 – Stored Cross Site Scripting in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1178
30 Mar 2022 — Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Una vulnerabilidad de tipo Cross Site Scripting Almacenado en el repositorio de GitHub openemr/openemr versiones anteriores a 6.0.0.4 • https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •