130 results (0.002 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

26 Jun 2024 — An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges viaa crafted POST request using the noteid parameter. Un problema en OpenEMR 7.0.2 permite a un atacante remoto escalar privilegios mediante una solicitud POST manipulada utilizando el parámetro noteid. • https://github.com/A3h1nt/CVEs/tree/main/OpenEMR • CWE-279: Incorrect Execution-Assigned Permissions •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

28 Feb 2024 — An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component. Un problema en open-emr anterior a v.7.0.2 permite a un atacante remoto escalar privilegios mediante un script manipulado al parámetro formid en el componente ereq_form.php. • https://github.com/c4v4r0n/Research/blob/main/openemr_BlindSSRF/README.md • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 8.3EPSS: 83%CPEs: 1EXPL: 1

28 May 2023 — Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1. • https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.3EPSS: 72%CPEs: 1EXPL: 1

28 May 2023 — Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1. • https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 1

28 May 2023 — Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1. • https://github.com/openemr/openemr/commit/abee8d2606c706176818de25eb88a2d08b8f7fa4 • CWE-285: Improper Authorization •

CVSS: 4.8EPSS: 20%CPEs: 1EXPL: 1

27 May 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. • https://github.com/openemr/openemr/commit/8d2d601ac40aca75bcd2c3cf193f59c8e56d8425 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 1

27 May 2023 — Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. • https://github.com/openemr/openemr/commit/81832acc14207e577e76c4175967c99ae7e3d3f4 • CWE-284: Improper Access Control •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

27 May 2023 — Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1. • https://github.com/openemr/openemr/commit/3656bc88288957d68ba040cad2e5f9dbd1b607b1 • CWE-862: Missing Authorization •

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 1

27 May 2023 — Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1. • https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9 • CWE-20: Improper Input Validation •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

27 May 2023 — Code Injection in GitHub repository openemr/openemr prior to 7.0.1. • https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9 • CWE-94: Improper Control of Generation of Code ('Code Injection') •