Vulnerabilities in OpenEMR

121 results
CVE-2025-54373 | HIGH | OpenEMR may expose Contents of Clinical Notes and Care Plan to users who do not have Sensitivities=high privilege | EPSS 0.4%
CVE-2024-0875 | HIGH | Stored XSS in openemr/openemr | EPSS 0.4%
CVE-2026-33931 | MEDIUM | OpenEMR has IDOR in Portal Payment Page that Allows Cross-Patient Record Access | EPSS 0.4%
CVE-2025-67645 | HIGH | OpenEMR Vulnerable to Broken Access Control in Profile Edit Endpoint | EPSS 0.3%
CVE-2026-33909 | MEDIUM | OpenEMR Vulnerable to SQL Injection via Unsanitized Variables in MedEx Recall/Reminder Processing | EPSS 0.3%
CVE-2026-32127 | HIGH | SQL Injection Vulnerability in ajax graphs library (OpenEMR) | EPSS 0.3%
CVE-2026-25131 | HIGH | OpenEMR has Broken Access Control in Procedures Configuration | EPSS 0.3%
CVE-2026-33346 | HIGH | OpenEMR has stored XSS in portal_payment.php via Unescaped table_args | EPSS 0.3%
CVE-2026-33302 | HIGH | OpenEMR: zhAclCheck Ignores Explicit ACL Denies | EPSS 0.3%
CVE-2026-25476 | HIGH | OpenEMR has Session Timeout Bypass via skip_timeout_reset | EPSS 0.3%
CVE-2026-33304 | MEDIUM | OpenEMR has Authorization Bypass in Dated Reminders Log | EPSS 0.3%
CVE-2026-33348 | HIGH | OpenEMR has Stored XSS in patient encounter Eye Exam form $CHRONIC2 and $CHRONIC3 | EPSS 0.3%
CVE-2026-33913 | HIGH | OpenEMR: XInclude Injection in CCDA Import Allows Reading Arbitrary Server Files | EPSS 0.3%
CVE-2026-32118 | MEDIUM | OpenEMR has Stored XSS in Graphical Pain Map legend via unescaped annotation text | EPSS 0.3%
CVE-2026-33321 | HIGH | OpenEMR has Out-of-Band Server-Side Request Forgery (OOB SSRF) | EPSS 0.3%
CVE-2025-30149 | MEDIUM | OpenEMR Reflected XSS in AJAX Script | EPSS 0.3%
CVE-2026-25745 | MEDIUM | OpenEMR's Message Update Ignores Patient id | EPSS 0.3%
CVE-2026-33933 | MEDIUM | Reflected XSS via Unescaped contextName Parameter in Custom Template Editor | EPSS 0.3%
CVE-2026-34056 | HIGH | OpenEMR has a Privilege Escalation that Allows a Low-Level User to View Admin-Only Data | EPSS 0.3%
CVE-2026-34055 | HIGH | OpenEMR has IDOR in Patient Notes Web UI allows unauthorized note access/modification | EPSS 0.3%