CVE-2025-25929
- EPSS 0.07%
- Published 11.03.2025 00:00:00
- Last modified 07.07.2025 18:16:37
A reflected cross-site scripting (XSS) vulnerability in the component /legacyui/quickReportServlet of OpenMRS 2.4.3 Build 0ff0ed allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into t...
- EPSS 0.09%
- Published 11.03.2025 00:00:00
- Last modified 07.07.2025 18:14:16
A Cross-Site Request Forgery (CSRF) in the component /admin/users/user.form of OpenMRS 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted request. In this case, an attacker could elevate a low-privileged account to an a...
CVE-2025-25927
- EPSS 0.05%
- Published 11.03.2025 00:00:00
- Last modified 21.05.2025 19:15:51
A Cross-Site Request Forgery (CSRF) in OpenMRS 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted GET request.
CVE-2025-25925
- EPSS 0.08%
- Published 11.03.2025 00:00:00
- Last modified 21.05.2025 19:27:00
A stored cross-site scripting (XSS) vulnerability in OpenMRS v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm...
CVE-2021-43094
- EPSS 0.5%
- Published 10.05.2022 12:15:08
- Last modified 21.11.2024 06:28:40
An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <=2.4.0 via GET requests on arbitrary parameters in patient.page.
CVE-2022-23612
- EPSS 0.4%
- Published 22.02.2022 23:15:11
- Last modified 21.11.2024 06:48:55
OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET re...
CVE-2020-5733
- EPSS 0.99%
- Published 17.04.2020 19:15:15
- Last modified 21.11.2024 05:34:30
In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows the export of potentially sensitive information.
CVE-2020-5732
- EPSS 0.99%
- Published 17.04.2020 19:15:15
- Last modified 21.11.2024 05:34:30
In OpenMRS 2.9 and prior, the import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows unauthenticated users to use a feature typically restricted to ad...
CVE-2020-5731
- EPSS 0.33%
- Published 17.04.2020 19:15:14
- Last modified 21.11.2024 05:34:29
In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting.
CVE-2020-5730
- EPSS 0.33%
- Published 17.04.2020 19:15:14
- Last modified 21.11.2024 05:34:29
In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting.