
CVE-2024-37734
https://notcve.org/view.php?id=CVE-2024-37734
26 Jun 2024 — An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges via a crafted POST request using the noteid parameter. • https://github.com/A3h1nt/CVEs/tree/main/OpenEMR • CWE-279: Incorrect Execution-Assigned Permissions •

CVE-2024-26476
https://notcve.org/view.php?id=CVE-2024-26476
28 Feb 2024 — An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component. • https://github.com/c4v4r0n/Research/blob/main/openemr_BlindSSRF/README.md • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2023-2948 – Cross-site Scripting (XSS) - Generic in openemr/openemr
https://notcve.org/view.php?id=CVE-2023-2948
28 May 2023 — Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1. • https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-2949 – Cross-site Scripting (XSS) - Reflected in openemr/openemr
https://notcve.org/view.php?id=CVE-2023-2949
28 May 2023 — Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1. • https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-2950 – Improper Authorization in openemr/openemr
https://notcve.org/view.php?id=CVE-2023-2950
28 May 2023 — Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1. • https://github.com/openemr/openemr/commit/abee8d2606c706176818de25eb88a2d08b8f7fa4 • CWE-285: Improper Authorization •

CVE-2023-2947 – Cross-site Scripting (XSS) - Stored in openemr/openemr
https://notcve.org/view.php?id=CVE-2023-2947
27 May 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. • https://github.com/openemr/openemr/commit/8d2d601ac40aca75bcd2c3cf193f59c8e56d8425 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-2946 – Improper Access Control in openemr/openemr
https://notcve.org/view.php?id=CVE-2023-2946
27 May 2023 — Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. • https://github.com/openemr/openemr/commit/81832acc14207e577e76c4175967c99ae7e3d3f4 • CWE-284: Improper Access Control •

CVE-2023-2945 – Missing Authorization in openemr/openemr
https://notcve.org/view.php?id=CVE-2023-2945
27 May 2023 — Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1. • https://github.com/openemr/openemr/commit/3656bc88288957d68ba040cad2e5f9dbd1b607b1 • CWE-862: Missing Authorization •

CVE-2023-2942 – Improper Input Validation in openemr/openemr
https://notcve.org/view.php?id=CVE-2023-2942
27 May 2023 — Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1. • https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9 • CWE-20: Improper Input Validation •

CVE-2023-2943 – Code Injection in openemr/openemr
https://notcve.org/view.php?id=CVE-2023-2943
27 May 2023 — Code Injection in GitHub repository openemr/openemr prior to 7.0.1. • https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9 • CWE-94: Improper Control of Generation of Code ('Code Injection') •