CVE-2022-2493 – Data Access from Outside Expected Data Manager Component in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-2493
Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0. • https://github.com/openemr/openemr/commit/871ae5198d8ca18fd17257ae7c5c906a52dca908 https://huntr.dev/bounties/8a4d54e2-e1cd-47c3-9304-ac8be87c80f1 • CWE-1083: Data Access from Outside Expected Data Manager Component
CVE-2022-1461 – Non Privilege User can Enable or Disable Registered in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1461
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1. • https://github.com/openemr/openemr/commit/3af1f4a28a8df0e446043232214ed08cc8e0889d https://huntr.dev/bounties/690a8ec5-64fc-4180-9f1f-c3c599bae0a9 • CWE-639: Authorization Bypass Through User-Controlled Key; CWE-1220: Insufficient Granularity of Access Control
CVE-2022-1459 – Non-Privilege User Can View Patient’s Disclosures in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1459
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1. • https://github.com/openemr/openemr/commit/8f8a97724c0e8fcc4096b4b30af9aaf064ada45a https://huntr.dev/bounties/9023ca9b-a601-4e5d-8952-640c60d029f1 • CWE-639: Authorization Bypass Through User-Controlled Key; CWE-1118: Insufficient Documentation of Error Handling Techniques
CVE-2022-1458 – Stored XSS Leads To Session Hijacking in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1458
Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1. • https://github.com/openemr/openemr/commit/31f08005e53b17d1bc921d23f7ee774930ad416d https://huntr.dev/bounties/78674078-0796-4102-a81e-f699cd6981b0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-1179 – Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1179
Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. • https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c https://huntr.dev/bounties/8025e31f-7dcf-4db9-ab07-06c1e055ab42 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')