CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 1CVE-2022-1461 – Non Privilege User can Enable or Disable Registered in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1461
25 Apr 2022 — Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1. Un Usuario no Privilegiado puede Habilitar o Deshabilitar el Registro en el repositorio de GitHub openemr/openemr versiones anteriores a 6.1.0.1 • https://github.com/openemr/openemr/commit/3af1f4a28a8df0e446043232214ed08cc8e0889d • CWE-639: Authorization Bypass Through User-Controlled Key CWE-1220: Insufficient Granularity of Access Control •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1459 – Non-Privilege User Can View Patient’s Disclosures in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1459
25 Apr 2022 — Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1. Un Usuario no Privilegiado Puede Visualizar las Revelaciones del Paciente en el repositorio de GitHub openemr/openemr versiones anteriores a 6.1.0.1 • https://github.com/openemr/openemr/commit/8f8a97724c0e8fcc4096b4b30af9aaf064ada45a • CWE-639: Authorization Bypass Through User-Controlled Key CWE-1118: Insufficient Documentation of Error Handling Techniques •
CVSS: 7.3EPSS: 10%CPEs: 1EXPL: 1CVE-2022-1458 – Stored XSS Leads To Session Hijacking in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1458
25 Apr 2022 — Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1. Un ataque de tipo XSS almacenado conlleva a un Secuestro de Sesión en el repositorio de GitHub openemr/openemr versiones anteriores a 6.1.0.1 • https://github.com/openemr/openemr/commit/31f08005e53b17d1bc921d23f7ee774930ad416d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2020-13567
https://notcve.org/view.php?id=CVE-2020-13567
18 Apr 2022 — Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. Se presentan múltiples vulnerabilidades de inyección SQL en phpGACL versión 3.3.7. Una petición HTTP especialmente diseñada puede conllevar a una inyección SQL. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1179 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 50%CPEs: 1EXPL: 1CVE-2022-1179 – Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1179
30 Mar 2022 — Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Un usuario no privilegiado puede crear una nueva regla y conllevar a una vulnerabilidad de tipo Cross Site Scripting almacenado en el repositorio de GitHub openemr/openemr versiones anteriores a 6.0.0.4 • https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.6EPSS: 18%CPEs: 1EXPL: 1CVE-2022-1180 – Reflected Cross Site Scripting in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1180
30 Mar 2022 — Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Una vulnerabilidad de tipo Cross Site Scripting Reflejado en el repositorio de GitHub openemr/openemr versiones anteriores a 6.0.0.4 • https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 28%CPEs: 1EXPL: 1CVE-2022-1181 – Stored Cross Site Scripting in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1181
30 Mar 2022 — Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. Una vulnerabilidad de tipo Cross Site Scripting Almacenado en el repositorio de GitHub openemr/openemr versiones anteriores a 6.0.0.2 • https://github.com/openemr/openemr/commit/2835cc397610fc28037302dad948c38fda032022 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 3%CPEs: 1EXPL: 1CVE-2022-1177 – Accounting User Can Download Patient Reports in openemr in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1177
30 Mar 2022 — Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0. El Usuario de Contabilidad Puede Descargar Informes de Pacientes en openemr en el repositorio de GitHub openemr/openemr versiones anteriores a 6.1.0 • https://github.com/openemr/openemr/commit/a2e918abcf15f9fc1f7cb4a1f2b09ff019021175 • CWE-863: Incorrect Authorization CWE-1220: Insufficient Granularity of Access Control •
CVSS: 7.3EPSS: 24%CPEs: 1EXPL: 1CVE-2022-1178 – Stored Cross Site Scripting in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1178
30 Mar 2022 — Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Una vulnerabilidad de tipo Cross Site Scripting Almacenado en el repositorio de GitHub openemr/openemr versiones anteriores a 6.0.0.4 • https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25923
https://notcve.org/view.php?id=CVE-2021-25923
24 Jun 2021 — In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account takeover. En OpenEMR, versiones 5.0.0 hasta 6.0.0.1, son vulnerables a requisitos de contraseñas débiles, ya que no aplica un límite de longitud máxima de la contraseña. Si un usuario malicioso esta consciente los primeros 72 caracteres de la contraseña... • https://github.com/openemr/openemr/commit/28ca5c008d4a408b60001a67dfd3e0915f9181e0 • CWE-521: Weak Password Requirements •