Page 8 of 89 results (0.008 seconds)

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1

Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Una vulnerabilidad de tipo Cross Site Scripting Reflejado en el repositorio de GitHub openemr/openemr versiones anteriores a 6.0.0.4 • https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c https://huntr.dev/bounties/0e281ea2-70f7-4ed7-8814-74502eff9dd5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.0EPSS: 5%CPEs: 1EXPL: 1

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. Una vulnerabilidad de tipo Cross Site Scripting Almacenado en el repositorio de GitHub openemr/openemr versiones anteriores a 6.0.0.2 • https://github.com/openemr/openemr/commit/2835cc397610fc28037302dad948c38fda032022 https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0. El Usuario de Contabilidad Puede Descargar Informes de Pacientes en openemr en el repositorio de GitHub openemr/openemr versiones anteriores a 6.1.0 • https://github.com/openemr/openemr/commit/a2e918abcf15f9fc1f7cb4a1f2b09ff019021175 https://huntr.dev/bounties/0bb2979b-9643-4cdf-ab58-4354976b481b • CWE-863: Incorrect Authorization CWE-1220: Insufficient Granularity of Access Control •

CVSS: 7.3EPSS: 5%CPEs: 1EXPL: 1

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Una vulnerabilidad de tipo Cross Site Scripting Almacenado en el repositorio de GitHub openemr/openemr versiones anteriores a 6.0.0.4 • https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c https://huntr.dev/bounties/5813bd1f-b3aa-44f3-a5c0-aeeee2bf6fa4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allows a admin authenticated user to inject arbitrary web script or HTML via the lname parameter. Una vulnerabilidad de tipo XSS almacenado en el archivo interface/usergroup/usergroup_admin.php en OpenEMR versiones anteriores a 5.0.2.1, permite a un usuario autenticado por un administrador inyectar un script web o HTML arbitrario por medio del parámetro lname • https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431 https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592 https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •