CVE-2015-4591
- EPSS 5.13%
- Veröffentlicht 10.01.2017 15:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
eClinicalWorks Population Health (CCMR) suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter.
CVE-2015-4592
- EPSS 3.35%
- Veröffentlicht 10.01.2017 15:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input.
CVE-2015-4593
- EPSS 3.36%
- Veröffentlicht 10.01.2017 15:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the c...
CVE-2015-4594
- EPSS 6.24%
- Veröffentlicht 10.01.2017 15:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID.