CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1180 – Reflected Cross Site Scripting in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1180
Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Una vulnerabilidad de tipo Cross Site Scripting Reflejado en el repositorio de GitHub openemr/openemr versiones anteriores a 6.0.0.4 • https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c https://huntr.dev/bounties/0e281ea2-70f7-4ed7-8814-74502eff9dd5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 5%CPEs: 1EXPL: 1CVE-2022-1181 – Stored Cross Site Scripting in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1181
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. Una vulnerabilidad de tipo Cross Site Scripting Almacenado en el repositorio de GitHub openemr/openemr versiones anteriores a 6.0.0.2 • https://github.com/openemr/openemr/commit/2835cc397610fc28037302dad948c38fda032022 https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1177 – Accounting User Can Download Patient Reports in openemr in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1177
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0. El Usuario de Contabilidad Puede Descargar Informes de Pacientes en openemr en el repositorio de GitHub openemr/openemr versiones anteriores a 6.1.0 • https://github.com/openemr/openemr/commit/a2e918abcf15f9fc1f7cb4a1f2b09ff019021175 https://huntr.dev/bounties/0bb2979b-9643-4cdf-ab58-4354976b481b • CWE-863: Incorrect Authorization CWE-1220: Insufficient Granularity of Access Control •
CVSS: 7.3EPSS: 5%CPEs: 1EXPL: 1CVE-2022-1178 – Stored Cross Site Scripting in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1178
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Una vulnerabilidad de tipo Cross Site Scripting Almacenado en el repositorio de GitHub openemr/openemr versiones anteriores a 6.0.0.4 • https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c https://huntr.dev/bounties/5813bd1f-b3aa-44f3-a5c0-aeeee2bf6fa4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25923
https://notcve.org/view.php?id=CVE-2021-25923
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account takeover. En OpenEMR, versiones 5.0.0 hasta 6.0.0.1, son vulnerables a requisitos de contraseñas débiles, ya que no aplica un límite de longitud máxima de la contraseña. Si un usuario malicioso esta consciente los primeros 72 caracteres de la contraseña del usuario víctima, puede aprovecharlos para hacerse con una cuenta • https://github.com/openemr/openemr/commit/28ca5c008d4a408b60001a67dfd3e0915f9181e0 https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25923 • CWE-521: Weak Password Requirements •