CVSS: 5.4EPSS: 5%CPEs: 1EXPL: 1CVE-2022-1179 – Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1179
Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Un usuario no privilegiado puede crear una nueva regla y conllevar a una vulnerabilidad de tipo Cross Site Scripting almacenado en el repositorio de GitHub openemr/openemr versiones anteriores a 6.0.0.4 • https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c https://huntr.dev/bounties/8025e31f-7dcf-4db9-ab07-06c1e055ab42 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1180 – Reflected Cross Site Scripting in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1180
Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Una vulnerabilidad de tipo Cross Site Scripting Reflejado en el repositorio de GitHub openemr/openemr versiones anteriores a 6.0.0.4 • https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c https://huntr.dev/bounties/0e281ea2-70f7-4ed7-8814-74502eff9dd5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 5%CPEs: 1EXPL: 1CVE-2022-1181 – Stored Cross Site Scripting in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1181
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. Una vulnerabilidad de tipo Cross Site Scripting Almacenado en el repositorio de GitHub openemr/openemr versiones anteriores a 6.0.0.2 • https://github.com/openemr/openemr/commit/2835cc397610fc28037302dad948c38fda032022 https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1177 – Accounting User Can Download Patient Reports in openemr in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1177
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0. El Usuario de Contabilidad Puede Descargar Informes de Pacientes en openemr en el repositorio de GitHub openemr/openemr versiones anteriores a 6.1.0 • https://github.com/openemr/openemr/commit/a2e918abcf15f9fc1f7cb4a1f2b09ff019021175 https://huntr.dev/bounties/0bb2979b-9643-4cdf-ab58-4354976b481b • CWE-863: Incorrect Authorization CWE-1220: Insufficient Granularity of Access Control •
CVSS: 7.3EPSS: 5%CPEs: 1EXPL: 1CVE-2022-1178 – Stored Cross Site Scripting in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1178
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Una vulnerabilidad de tipo Cross Site Scripting Almacenado en el repositorio de GitHub openemr/openemr versiones anteriores a 6.0.0.4 • https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c https://huntr.dev/bounties/5813bd1f-b3aa-44f3-a5c0-aeeee2bf6fa4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •