CVE-2015-4591
- EPSS 2.26%
- Veröffentlicht 10.01.2017 15:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
eClinicalWorks Population Health (CCMR) suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter.
CVE-2015-4592
- EPSS 0.58%
- Veröffentlicht 10.01.2017 15:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input.
CVE-2015-4593
- EPSS 0.19%
- Veröffentlicht 10.01.2017 15:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the c...
CVE-2015-4594
- EPSS 12.26%
- Veröffentlicht 10.01.2017 15:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID.