Vulnerabilidades en openemr
121 resultadosCVE-2023-2948HIGHCross-site Scripting (XSS) - Generic in openemr/openemrEPSS 96.7%CVE-2022-2733CRITICALCross-site Scripting (XSS) - Reflected in openemr/openemrEPSS 95.8%CVE-2023-2947MEDIUMCross-site Scripting (XSS) - Stored in openemr/openemrEPSS 90.8%CVE-2022-1179MEDIUMNon-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in openemr/openemrEPSS 76.9%CVE-2022-1178HIGHStored Cross Site Scripting in openemr/openemrEPSS 51.6%CVE-2022-1181HIGHStored Cross Site Scripting in openemr/openemrEPSS 51.5%CVE-2025-31121HIGHOpenEMR allows XSS in Patient Image featureEPSS 12.1%CVE-2026-24848HIGHOpenEMR Arbitrary File Write leading to Remote Code ExecutionEPSS 6.8%CVE-2025-30161HIGHOpenEMR Stored XSS in OpenEMR Bronchitis FormEPSS 6.3%CVE-2025-69231HIGHOpenEMR has a Stored XSS in GAD-7 Form that Enables Session Hijacking and Privilege EscalationEPSS 4.2%CVE-2025-32794HIGHOpenEMR Stored XSS via Patient Name Field in Procedure OrdersEPSS 4.0%CVE-2025-43860HIGHOpemEMR Vulnerable to Stored XSS Attack in the Additional Address Section of Patient DemographicsEPSS 3.5%CVE-2026-25746HIGHOpenEMR has SQL Injection VulnerabilityEPSS 3.1%CVE-2020-13567HIGHMultiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker canEPSS 2.3%CVE-2026-24849CRITICALOpenEMR Arbitrary File Read VulnerabilityEPSS 2.2%CVE-2026-32238CRITICALOpenEMR has Remote Code Execution in backup functionalityEPSS 1.9%CVE-2023-2949HIGHCross-site Scripting (XSS) - Reflected in openemr/openemrEPSS 1.5%CVE-2022-4506HIGHUnrestricted Upload of File with Dangerous Type in openemr/openemrEPSS 1.1%CVE-2022-1459HIGHNon-Privilege User Can View Patient’s Disclosures in openemr/openemrEPSS 1.0%CVE-2022-2493HIGHData Access from Outside Expected Data Manager Component in openemr/openemrEPSS 0.9%