Openmrs

19 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.85%
  • Published 06.05.2026 19:32:13
  • Last modified 11.05.2026 14:55:45

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST `/openmrs/ws/rest/v1/module` is vulnerable to a Zip Slip path traversal attac...

Exploit
  • EPSS 0.56%
  • Published 05.05.2026 22:16:00
  • Last modified 12.05.2026 16:18:14

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the `/openmrs/moduleResources/{moduleid}` endpoint is vulnerable to a path traversal attack. The ModuleResources...

Exploit
  • EPSS 0.3%
  • Published 11.03.2025 00:00:00
  • Last modified 07.07.2025 18:16:37

A reflected cross-site scripting (XSS) vulnerability in the component /legacyui/quickReportServlet of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into t...

Exploit
  • EPSS 0.27%
  • Published 11.03.2025 00:00:00
  • Last modified 07.07.2025 18:14:16

A Cross-Site Request Forgery (CSRF) in the component /admin/users/user.form of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted request. In this case, an attacker could elevate a low-privileged account to an a...

Exploit
  • EPSS 0.24%
  • Published 11.03.2025 00:00:00
  • Last modified 21.05.2025 19:15:51

A Cross-Site Request Forgery (CSRF) in Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted GET request.

Exploit
  • EPSS 0.32%
  • Published 11.03.2025 00:00:00
  • Last modified 21.05.2025 19:27:00

A stored cross-site scripting (XSS) vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm...

  • EPSS 1.2%
  • Published 10.05.2022 12:15:08
  • Last modified 21.11.2024 06:28:40

An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <=2.4.0 via GET requests on arbitrary parameters in patient.page.

Exploit
  • EPSS 1.9%
  • Published 22.02.2022 23:15:11
  • Last modified 21.11.2024 06:48:55

OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET re...

Exploit
  • EPSS 1.18%
  • Published 17.04.2020 19:15:15
  • Last modified 21.11.2024 05:34:30

In OpenMRS 2.9 and prior, the import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows unauthenticated users to use a feature typically restricted to ad...

Exploit
  • EPSS 1.18%
  • Published 17.04.2020 19:15:15
  • Last modified 21.11.2024 05:34:30

In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows the export of potentially sensitive information.