Open-emr

Openemr

218 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.3

CVE-2026-32120

Exploit
  • EPSS 0.25%
  • Veröffentlicht 25.03.2026 22:27:38
  • Zuletzt bearbeitet 26.03.2026 18:03:30

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the fee sheet product save logic (`library/FeeSheet.class.p...

8.8

CVE-2026-29187

Exploit
  • EPSS 0.47%
  • Veröffentlicht 25.03.2026 22:24:24
  • Zuletzt bearbeitet 26.03.2026 16:19:59

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a Blind SQL Injection vulnerability exists in the Patient Search functionality (/interface/new/new_search_popup.php). T...

8.7

CVE-2026-33346

Exploit
  • EPSS 0.32%
  • Veröffentlicht 19.03.2026 20:33:10
  • Zuletzt bearbeitet 20.03.2026 19:16:19

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, a stored cross-site scripting (XSS) vulnerability in the patient portal payment flow allows a patient portal user to persist ar...

5.4

CVE-2026-33305

Exploit
  • EPSS 0.21%
  • Veröffentlicht 19.03.2026 20:30:57
  • Zuletzt bearbeitet 20.03.2026 15:05:28

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the optional FaxSMS module (`oe-module-faxsms`) allows any authenticated OpenEMR user to invoke cont...

6.5

CVE-2026-33304

Exploit
  • EPSS 0.31%
  • Veröffentlicht 19.03.2026 20:27:00
  • Zuletzt bearbeitet 20.03.2026 15:06:16

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the dated reminders log allows any authenticated non-admin user to view reminder messages belonging ...

5.4

CVE-2026-33303

Exploit
  • EPSS 0.24%
  • Veröffentlicht 19.03.2026 20:25:05
  • Zuletzt bearbeitet 20.03.2026 15:07:01

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting (XSS) via unescaped `portal_login_username` in the portal credential prin...

8.1

CVE-2026-33302

Exploit
  • EPSS 0.32%
  • Veröffentlicht 19.03.2026 20:23:17
  • Zuletzt bearbeitet 20.03.2026 15:53:44

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function `AclMain::zhAclCheck()` only checks for the presence of any "allow" (user or group). It never checks fo...

7.6

CVE-2026-33321

Exploit
  • EPSS 0.28%
  • Veröffentlicht 19.03.2026 20:20:37
  • Zuletzt bearbeitet 20.03.2026 15:03:34

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the `Notes - my encounters` role can fill Eye Exam forms in patient encounters. The answers to the form can be print...

8.1

CVE-2026-33301

Exploit
  • EPSS 0.44%
  • Veröffentlicht 19.03.2026 20:10:43
  • Zuletzt bearbeitet 20.03.2026 16:16:47

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the `Notes - my encounters` role can fill Eye Exam forms in patient encounters. The answers to the form can be prin...

5.4

CVE-2026-33299

Exploit
  • EPSS 0.17%
  • Veröffentlicht 19.03.2026 20:07:58
  • Zuletzt bearbeitet 20.03.2026 16:17:24

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the `Notes - my encounters` role can fill **Eye Exam** forms in patient encounters. The answers to the form are disp...