| Max CVSS | 9.0 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-1000020 | 4.3 |
OpenEMR version 5.0.0 contains a Cross Site Scripting (XSS) vulnerability in open-flash-chart.swf and _posteddata.php that can result in . This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher.
|
01-03-2018 - 15:16 | 09-02-2018 - 23:29 | |
| CVE-2018-1000019 | 9.0 |
OpenEMR version 5.0.0 contains a OS Command Injection vulnerability in fax_dispatch.php that can result in OS command injection by an authenticated attacker with any role. This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher.
|
01-03-2018 - 15:16 | 09-02-2018 - 23:29 | |
| CVE-2012-2115 | 7.5 |
SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter.
|
29-08-2017 - 01:31 | 09-09-2012 - 21:55 | |
| CVE-2012-0992 | 8.5 |
interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter.
|
29-08-2017 - 01:31 | 07-02-2012 - 21:55 | |
| CVE-2012-0991 | 3.5 |
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) tr
|
29-08-2017 - 01:31 | 07-02-2012 - 21:55 |