Openemr

Openemr

91 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.7

CVE-2026-33346

Exploit
  • EPSS 0.04%
  • Veröffentlicht 19.03.2026 20:33:10
  • Zuletzt bearbeitet 20.03.2026 19:16:19

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, a stored cross-site scripting (XSS) vulnerability in the patient portal payment flow allows a patient portal user to persist ar...

5.4

CVE-2026-33305

Exploit
  • EPSS 0.06%
  • Veröffentlicht 19.03.2026 20:30:57
  • Zuletzt bearbeitet 20.03.2026 15:05:28

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the optional FaxSMS module (`oe-module-faxsms`) allows any authenticated OpenEMR user to invoke cont...

6.5

CVE-2026-33304

Exploit
  • EPSS 0.08%
  • Veröffentlicht 19.03.2026 20:27:00
  • Zuletzt bearbeitet 20.03.2026 15:06:16

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the dated reminders log allows any authenticated non-admin user to view reminder messages belonging ...

5.4

CVE-2026-33303

Exploit
  • EPSS 0.04%
  • Veröffentlicht 19.03.2026 20:25:05
  • Zuletzt bearbeitet 20.03.2026 15:07:01

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting (XSS) via unescaped `portal_login_username` in the portal credential prin...

8.1

CVE-2026-33302

Exploit
  • EPSS 0.1%
  • Veröffentlicht 19.03.2026 20:23:17
  • Zuletzt bearbeitet 20.03.2026 15:53:44

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function `AclMain::zhAclCheck()` only checks for the presence of any "allow" (user or group). It never checks fo...

7.6

CVE-2026-33321

Exploit
  • EPSS 0.11%
  • Veröffentlicht 19.03.2026 20:20:37
  • Zuletzt bearbeitet 20.03.2026 15:03:34

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the `Notes - my encounters` role can fill Eye Exam forms in patient encounters. The answers to the form can be print...

8.1

CVE-2026-33301

Exploit
  • EPSS 0.11%
  • Veröffentlicht 19.03.2026 20:10:43
  • Zuletzt bearbeitet 20.03.2026 16:16:47

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the `Notes - my encounters` role can fill Eye Exam forms in patient encounters. The answers to the form can be prin...

5.4

CVE-2026-33299

Exploit
  • EPSS 0.17%
  • Veröffentlicht 19.03.2026 20:07:58
  • Zuletzt bearbeitet 20.03.2026 16:17:24

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the `Notes - my encounters` role can fill **Eye Exam** forms in patient encounters. The answers to the form are disp...

4.4

CVE-2026-32119

Exploit
  • EPSS 0.01%
  • Veröffentlicht 19.03.2026 19:41:47
  • Zuletzt bearbeitet 20.03.2026 16:20:15

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, DOM-based stored XSS in the jQuery SearchHighlight plugin (`library/js/SearchHighlight.js`) allows an authenticated user with e...

9.1

CVE-2026-32238

Exploit
  • EPSS 0.41%
  • Veröffentlicht 19.03.2026 19:30:53
  • Zuletzt bearbeitet 20.03.2026 19:16:15

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 contain a Command injection vulnerability in the backup functionality that can be exploited by authenticated attackers....