Search criteria
74 vulnerabilities found for openemr/openemr by openemr
CVE-2024-0875 (GCVE-0-2024-0875)
Vulnerability from cvelistv5 – Published: 2024-11-15 10:57 – Updated: 2024-11-15 20:54
VLAI?
Title
Stored XSS in openemr/openemr
Summary
A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1.
Severity ?
8.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.2.1
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openemr:openemr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0875",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T20:53:13.800010Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T20:54:38.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the \u0027inputBody\u0027 field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T10:57:25.334Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/16cba0fc-748d-4ea8-9573-1f6fbe9a27c9"
},
{
"url": "https://github.com/openemr/openemr/commit/d141d2ca06fb2171a202c7302dd5d5af8539f255"
}
],
"source": {
"advisory": "16cba0fc-748d-4ea8-9573-1f6fbe9a27c9",
"discovery": "EXTERNAL"
},
"title": "Stored XSS in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-0875",
"datePublished": "2024-11-15T10:57:25.334Z",
"dateReserved": "2024-01-25T04:04:29.988Z",
"dateUpdated": "2024-11-15T20:54:38.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2948 (GCVE-0-2023-2948)
Vulnerability from cvelistv5 – Published: 2023-05-28 00:00 – Updated: 2025-01-14 16:34
VLAI?
Title
Cross-site Scripting (XSS) - Generic in openemr/openemr
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.
Severity ?
8.3 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/2393e4d9-9e9f-455f-bf50-f20f77b0a64d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2948",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T16:34:43.290882Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:34:53.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-28T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015"
},
{
"url": "https://huntr.dev/bounties/2393e4d9-9e9f-455f-bf50-f20f77b0a64d"
}
],
"source": {
"advisory": "2393e4d9-9e9f-455f-bf50-f20f77b0a64d",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2948",
"datePublished": "2023-05-28T00:00:00",
"dateReserved": "2023-05-28T00:00:00",
"dateUpdated": "2025-01-14T16:34:53.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2949 (GCVE-0-2023-2949)
Vulnerability from cvelistv5 – Published: 2023-05-28 00:00 – Updated: 2025-01-14 16:24
VLAI?
Title
Cross-site Scripting (XSS) - Reflected in openemr/openemr
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.
Severity ?
8.3 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/3842486f-38b1-4150-9f78-b81d0ae580c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2949",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T16:24:37.451315Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:24:44.879Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-28T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/3842486f-38b1-4150-9f78-b81d0ae580c4"
},
{
"url": "https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015"
}
],
"source": {
"advisory": "3842486f-38b1-4150-9f78-b81d0ae580c4",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2949",
"datePublished": "2023-05-28T00:00:00",
"dateReserved": "2023-05-28T00:00:00",
"dateUpdated": "2025-01-14T16:24:44.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2950 (GCVE-0-2023-2950)
Vulnerability from cvelistv5 – Published: 2023-05-28 00:00 – Updated: 2025-01-14 16:22
VLAI?
Title
Improper Authorization in openemr/openemr
Summary
Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.
Severity ?
6.3 (Medium)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/612d13cf-2ef9-44ea-b8fb-e797948a9a86"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/abee8d2606c706176818de25eb88a2d08b8f7fa4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2950",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T16:16:01.256394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:22:28.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-28T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/612d13cf-2ef9-44ea-b8fb-e797948a9a86"
},
{
"url": "https://github.com/openemr/openemr/commit/abee8d2606c706176818de25eb88a2d08b8f7fa4"
}
],
"source": {
"advisory": "612d13cf-2ef9-44ea-b8fb-e797948a9a86",
"discovery": "EXTERNAL"
},
"title": "Improper Authorization in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2950",
"datePublished": "2023-05-28T00:00:00",
"dateReserved": "2023-05-28T00:00:00",
"dateUpdated": "2025-01-14T16:22:28.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2943 (GCVE-0-2023-2943)
Vulnerability from cvelistv5 – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:30
VLAI?
Title
Code Injection in openemr/openemr
Summary
Code Injection in GitHub repository openemr/openemr prior to 7.0.1.
Severity ?
4.6 (Medium)
CWE
- CWE-94 - Improper Control of Generation of Code
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/4190f944-dc2c-4624-9abf-31479456faa9"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2943",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T18:29:51.449525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:30:00.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Code Injection in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-27T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/4190f944-dc2c-4624-9abf-31479456faa9"
},
{
"url": "https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9"
}
],
"source": {
"advisory": "4190f944-dc2c-4624-9abf-31479456faa9",
"discovery": "EXTERNAL"
},
"title": " Code Injection in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2943",
"datePublished": "2023-05-27T00:00:00",
"dateReserved": "2023-05-27T00:00:00",
"dateUpdated": "2025-01-14T18:30:00.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2945 (GCVE-0-2023-2945)
Vulnerability from cvelistv5 – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:28
VLAI?
Title
Missing Authorization in openemr/openemr
Summary
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/62de71bd-333d-4593-91a5-534ef7f0c435"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/3656bc88288957d68ba040cad2e5f9dbd1b607b1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2945",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T18:28:04.617661Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:28:12.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-27T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/62de71bd-333d-4593-91a5-534ef7f0c435"
},
{
"url": "https://github.com/openemr/openemr/commit/3656bc88288957d68ba040cad2e5f9dbd1b607b1"
}
],
"source": {
"advisory": "62de71bd-333d-4593-91a5-534ef7f0c435",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2945",
"datePublished": "2023-05-27T00:00:00",
"dateReserved": "2023-05-27T00:00:00",
"dateUpdated": "2025-01-14T18:28:12.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2942 (GCVE-0-2023-2942)
Vulnerability from cvelistv5 – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:30
VLAI?
Title
Improper Input Validation in openemr/openemr
Summary
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.
Severity ?
8.1 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/dd56e7a0-9dff-48fc-bc59-9a22d91869eb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2942",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T18:30:24.773700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:30:33.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-27T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9"
},
{
"url": "https://huntr.dev/bounties/dd56e7a0-9dff-48fc-bc59-9a22d91869eb"
}
],
"source": {
"advisory": "dd56e7a0-9dff-48fc-bc59-9a22d91869eb",
"discovery": "EXTERNAL"
},
"title": "Improper Input Validation in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2942",
"datePublished": "2023-05-27T00:00:00",
"dateReserved": "2023-05-27T00:00:00",
"dateUpdated": "2025-01-14T18:30:33.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2946 (GCVE-0-2023-2946)
Vulnerability from cvelistv5 – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:45
VLAI?
Title
Improper Access Control in openemr/openemr
Summary
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
Severity ?
6.3 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e550f4b0-945c-4886-af7f-ee0dc30b2a08"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/81832acc14207e577e76c4175967c99ae7e3d3f4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2946",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T18:45:22.206538Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:45:42.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-27T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e550f4b0-945c-4886-af7f-ee0dc30b2a08"
},
{
"url": "https://github.com/openemr/openemr/commit/81832acc14207e577e76c4175967c99ae7e3d3f4"
}
],
"source": {
"advisory": "e550f4b0-945c-4886-af7f-ee0dc30b2a08",
"discovery": "EXTERNAL"
},
"title": "Improper Access Control in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2946",
"datePublished": "2023-05-27T00:00:00",
"dateReserved": "2023-05-27T00:00:00",
"dateUpdated": "2025-01-14T18:45:42.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2947 (GCVE-0-2023-2947)
Vulnerability from cvelistv5 – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:45
VLAI?
Title
Cross-site Scripting (XSS) - Stored in openemr/openemr
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
Severity ?
4.7 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/52534def-acab-4200-a79a-89ef4ce6a0b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/8d2d601ac40aca75bcd2c3cf193f59c8e56d8425"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2947",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T18:44:48.511162Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:45:05.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-27T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/52534def-acab-4200-a79a-89ef4ce6a0b0"
},
{
"url": "https://github.com/openemr/openemr/commit/8d2d601ac40aca75bcd2c3cf193f59c8e56d8425"
}
],
"source": {
"advisory": "52534def-acab-4200-a79a-89ef4ce6a0b0",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2947",
"datePublished": "2023-05-27T00:00:00",
"dateReserved": "2023-05-27T00:00:00",
"dateUpdated": "2025-01-14T18:45:05.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2944 (GCVE-0-2023-2944)
Vulnerability from cvelistv5 – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:29
VLAI?
Title
Improper Access Control in openemr/openemr
Summary
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
Severity ?
6.3 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/0d67dcb1-acc0-4d5d-bb69-a09d1bc9fa1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/723ac5d78080d1b8542f47673988cd63e0389d25"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2944",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T18:29:22.372489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:29:29.667Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-27T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/0d67dcb1-acc0-4d5d-bb69-a09d1bc9fa1d"
},
{
"url": "https://github.com/openemr/openemr/commit/723ac5d78080d1b8542f47673988cd63e0389d25"
}
],
"source": {
"advisory": "0d67dcb1-acc0-4d5d-bb69-a09d1bc9fa1d",
"discovery": "EXTERNAL"
},
"title": "Improper Access Control in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2944",
"datePublished": "2023-05-27T00:00:00",
"dateReserved": "2023-05-27T00:00:00",
"dateUpdated": "2025-01-14T18:29:29.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2674 (GCVE-0-2023-2674)
Vulnerability from cvelistv5 – Published: 2023-05-12 00:00 – Updated: 2025-01-24 15:59
VLAI?
Title
Improper Access Control in openemr/openemr
Summary
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
Severity ?
8.8 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/af73e913-730c-4245-88ce-26fc908d3644"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/bb4244c83a74628faafabc0598366f49863914a9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2674",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T15:59:47.244531Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T15:59:52.352Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-12T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/af73e913-730c-4245-88ce-26fc908d3644"
},
{
"url": "https://github.com/openemr/openemr/commit/bb4244c83a74628faafabc0598366f49863914a9"
}
],
"source": {
"advisory": "af73e913-730c-4245-88ce-26fc908d3644",
"discovery": "EXTERNAL"
},
"title": "Improper Access Control in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2674",
"datePublished": "2023-05-12T00:00:00.000Z",
"dateReserved": "2023-05-12T00:00:00.000Z",
"dateUpdated": "2025-01-24T15:59:52.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2566 (GCVE-0-2023-2566)
Vulnerability from cvelistv5 – Published: 2023-05-08 00:00 – Updated: 2025-01-29 17:10
VLAI?
Title
Cross-site Scripting (XSS) - Stored in openemr/openemr
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
Severity ?
7.5 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/47d6fc2a-989a-44eb-9cb7-ab4f8bd44496"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/a2adac7320dfc631b1da688c3b04f54b8240fc7b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2566",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T17:09:57.482973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T17:10:05.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-08T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/47d6fc2a-989a-44eb-9cb7-ab4f8bd44496"
},
{
"url": "https://github.com/openemr/openemr/commit/a2adac7320dfc631b1da688c3b04f54b8240fc7b"
}
],
"source": {
"advisory": "47d6fc2a-989a-44eb-9cb7-ab4f8bd44496",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2566",
"datePublished": "2023-05-08T00:00:00.000Z",
"dateReserved": "2023-05-08T00:00:00.000Z",
"dateUpdated": "2025-01-29T17:10:05.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4733 (GCVE-0-2022-4733)
Vulnerability from cvelistv5 – Published: 2022-12-24 00:00 – Updated: 2025-04-10 20:14
VLAI?
Title
Cross-site Scripting (XSS) - Stored in openemr/openemr
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.
Severity ?
6.7 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.0.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:48:40.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/f353adfb-e5b8-43e7-957a-894670fd4ccd"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/4565d8d1eb80c6aa42cf6b1810ba0a64e0f6abde"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4733",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T15:58:52.361814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T20:14:10.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-24T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/f353adfb-e5b8-43e7-957a-894670fd4ccd"
},
{
"url": "https://github.com/openemr/openemr/commit/4565d8d1eb80c6aa42cf6b1810ba0a64e0f6abde"
}
],
"source": {
"advisory": "f353adfb-e5b8-43e7-957a-894670fd4ccd",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4733",
"datePublished": "2022-12-24T00:00:00.000Z",
"dateReserved": "2022-12-24T00:00:00.000Z",
"dateUpdated": "2025-04-10T20:14:10.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4615 (GCVE-0-2022-4615)
Vulnerability from cvelistv5 – Published: 2022-12-19 00:00 – Updated: 2025-04-14 18:03
VLAI?
Title
Cross-site Scripting (XSS) - Reflected in openemr/openemr
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
Severity ?
8.3 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.0.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:48:38.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/9c66ece4-bcaa-417d-8b98-e8daff8a728b"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/d5eb41697f7f1bc2c7ee5bc9bbf58684e1c8cc14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4615",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T14:22:48.096944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T18:03:28.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/9c66ece4-bcaa-417d-8b98-e8daff8a728b"
},
{
"url": "https://github.com/openemr/openemr/commit/d5eb41697f7f1bc2c7ee5bc9bbf58684e1c8cc14"
}
],
"source": {
"advisory": "9c66ece4-bcaa-417d-8b98-e8daff8a728b",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4615",
"datePublished": "2022-12-19T00:00:00.000Z",
"dateReserved": "2022-12-19T00:00:00.000Z",
"dateUpdated": "2025-04-14T18:03:28.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4567 (GCVE-0-2022-4567)
Vulnerability from cvelistv5 – Published: 2022-12-17 00:00 – Updated: 2025-04-14 18:02
VLAI?
Title
Improper Access Control in openemr/openemr
Summary
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.
Severity ?
8.1 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.0.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:41:45.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/1ac677c4-ec0a-4788-9465-51d9b6bd8fd2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/953cb84dfd55fee9d5296668ec7fdb8bf25bcea4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4567",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T15:44:55.988613Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T18:02:23.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-17T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/1ac677c4-ec0a-4788-9465-51d9b6bd8fd2"
},
{
"url": "https://github.com/openemr/openemr/commit/953cb84dfd55fee9d5296668ec7fdb8bf25bcea4"
}
],
"source": {
"advisory": "1ac677c4-ec0a-4788-9465-51d9b6bd8fd2",
"discovery": "EXTERNAL"
},
"title": "Improper Access Control in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4567",
"datePublished": "2022-12-17T00:00:00.000Z",
"dateReserved": "2022-12-16T00:00:00.000Z",
"dateUpdated": "2025-04-14T18:02:23.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0875 (GCVE-0-2024-0875)
Vulnerability from nvd – Published: 2024-11-15 10:57 – Updated: 2024-11-15 20:54
VLAI?
Title
Stored XSS in openemr/openemr
Summary
A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1.
Severity ?
8.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.2.1
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openemr:openemr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0875",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T20:53:13.800010Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T20:54:38.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the \u0027inputBody\u0027 field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T10:57:25.334Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/16cba0fc-748d-4ea8-9573-1f6fbe9a27c9"
},
{
"url": "https://github.com/openemr/openemr/commit/d141d2ca06fb2171a202c7302dd5d5af8539f255"
}
],
"source": {
"advisory": "16cba0fc-748d-4ea8-9573-1f6fbe9a27c9",
"discovery": "EXTERNAL"
},
"title": "Stored XSS in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-0875",
"datePublished": "2024-11-15T10:57:25.334Z",
"dateReserved": "2024-01-25T04:04:29.988Z",
"dateUpdated": "2024-11-15T20:54:38.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2948 (GCVE-0-2023-2948)
Vulnerability from nvd – Published: 2023-05-28 00:00 – Updated: 2025-01-14 16:34
VLAI?
Title
Cross-site Scripting (XSS) - Generic in openemr/openemr
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.
Severity ?
8.3 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/2393e4d9-9e9f-455f-bf50-f20f77b0a64d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2948",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T16:34:43.290882Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:34:53.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-28T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015"
},
{
"url": "https://huntr.dev/bounties/2393e4d9-9e9f-455f-bf50-f20f77b0a64d"
}
],
"source": {
"advisory": "2393e4d9-9e9f-455f-bf50-f20f77b0a64d",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2948",
"datePublished": "2023-05-28T00:00:00",
"dateReserved": "2023-05-28T00:00:00",
"dateUpdated": "2025-01-14T16:34:53.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2949 (GCVE-0-2023-2949)
Vulnerability from nvd – Published: 2023-05-28 00:00 – Updated: 2025-01-14 16:24
VLAI?
Title
Cross-site Scripting (XSS) - Reflected in openemr/openemr
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.
Severity ?
8.3 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/3842486f-38b1-4150-9f78-b81d0ae580c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2949",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T16:24:37.451315Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:24:44.879Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-28T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/3842486f-38b1-4150-9f78-b81d0ae580c4"
},
{
"url": "https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015"
}
],
"source": {
"advisory": "3842486f-38b1-4150-9f78-b81d0ae580c4",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2949",
"datePublished": "2023-05-28T00:00:00",
"dateReserved": "2023-05-28T00:00:00",
"dateUpdated": "2025-01-14T16:24:44.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2950 (GCVE-0-2023-2950)
Vulnerability from nvd – Published: 2023-05-28 00:00 – Updated: 2025-01-14 16:22
VLAI?
Title
Improper Authorization in openemr/openemr
Summary
Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.
Severity ?
6.3 (Medium)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/612d13cf-2ef9-44ea-b8fb-e797948a9a86"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/abee8d2606c706176818de25eb88a2d08b8f7fa4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2950",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T16:16:01.256394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:22:28.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-28T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/612d13cf-2ef9-44ea-b8fb-e797948a9a86"
},
{
"url": "https://github.com/openemr/openemr/commit/abee8d2606c706176818de25eb88a2d08b8f7fa4"
}
],
"source": {
"advisory": "612d13cf-2ef9-44ea-b8fb-e797948a9a86",
"discovery": "EXTERNAL"
},
"title": "Improper Authorization in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2950",
"datePublished": "2023-05-28T00:00:00",
"dateReserved": "2023-05-28T00:00:00",
"dateUpdated": "2025-01-14T16:22:28.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2943 (GCVE-0-2023-2943)
Vulnerability from nvd – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:30
VLAI?
Title
Code Injection in openemr/openemr
Summary
Code Injection in GitHub repository openemr/openemr prior to 7.0.1.
Severity ?
4.6 (Medium)
CWE
- CWE-94 - Improper Control of Generation of Code
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/4190f944-dc2c-4624-9abf-31479456faa9"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2943",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T18:29:51.449525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:30:00.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Code Injection in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-27T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/4190f944-dc2c-4624-9abf-31479456faa9"
},
{
"url": "https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9"
}
],
"source": {
"advisory": "4190f944-dc2c-4624-9abf-31479456faa9",
"discovery": "EXTERNAL"
},
"title": " Code Injection in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2943",
"datePublished": "2023-05-27T00:00:00",
"dateReserved": "2023-05-27T00:00:00",
"dateUpdated": "2025-01-14T18:30:00.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2945 (GCVE-0-2023-2945)
Vulnerability from nvd – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:28
VLAI?
Title
Missing Authorization in openemr/openemr
Summary
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/62de71bd-333d-4593-91a5-534ef7f0c435"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/3656bc88288957d68ba040cad2e5f9dbd1b607b1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2945",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T18:28:04.617661Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:28:12.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-27T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/62de71bd-333d-4593-91a5-534ef7f0c435"
},
{
"url": "https://github.com/openemr/openemr/commit/3656bc88288957d68ba040cad2e5f9dbd1b607b1"
}
],
"source": {
"advisory": "62de71bd-333d-4593-91a5-534ef7f0c435",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2945",
"datePublished": "2023-05-27T00:00:00",
"dateReserved": "2023-05-27T00:00:00",
"dateUpdated": "2025-01-14T18:28:12.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2942 (GCVE-0-2023-2942)
Vulnerability from nvd – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:30
VLAI?
Title
Improper Input Validation in openemr/openemr
Summary
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.
Severity ?
8.1 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/dd56e7a0-9dff-48fc-bc59-9a22d91869eb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2942",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T18:30:24.773700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:30:33.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-27T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9"
},
{
"url": "https://huntr.dev/bounties/dd56e7a0-9dff-48fc-bc59-9a22d91869eb"
}
],
"source": {
"advisory": "dd56e7a0-9dff-48fc-bc59-9a22d91869eb",
"discovery": "EXTERNAL"
},
"title": "Improper Input Validation in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2942",
"datePublished": "2023-05-27T00:00:00",
"dateReserved": "2023-05-27T00:00:00",
"dateUpdated": "2025-01-14T18:30:33.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2946 (GCVE-0-2023-2946)
Vulnerability from nvd – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:45
VLAI?
Title
Improper Access Control in openemr/openemr
Summary
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
Severity ?
6.3 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e550f4b0-945c-4886-af7f-ee0dc30b2a08"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/81832acc14207e577e76c4175967c99ae7e3d3f4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2946",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T18:45:22.206538Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:45:42.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-27T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e550f4b0-945c-4886-af7f-ee0dc30b2a08"
},
{
"url": "https://github.com/openemr/openemr/commit/81832acc14207e577e76c4175967c99ae7e3d3f4"
}
],
"source": {
"advisory": "e550f4b0-945c-4886-af7f-ee0dc30b2a08",
"discovery": "EXTERNAL"
},
"title": "Improper Access Control in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2946",
"datePublished": "2023-05-27T00:00:00",
"dateReserved": "2023-05-27T00:00:00",
"dateUpdated": "2025-01-14T18:45:42.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2947 (GCVE-0-2023-2947)
Vulnerability from nvd – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:45
VLAI?
Title
Cross-site Scripting (XSS) - Stored in openemr/openemr
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
Severity ?
4.7 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/52534def-acab-4200-a79a-89ef4ce6a0b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/8d2d601ac40aca75bcd2c3cf193f59c8e56d8425"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2947",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T18:44:48.511162Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:45:05.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-27T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/52534def-acab-4200-a79a-89ef4ce6a0b0"
},
{
"url": "https://github.com/openemr/openemr/commit/8d2d601ac40aca75bcd2c3cf193f59c8e56d8425"
}
],
"source": {
"advisory": "52534def-acab-4200-a79a-89ef4ce6a0b0",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2947",
"datePublished": "2023-05-27T00:00:00",
"dateReserved": "2023-05-27T00:00:00",
"dateUpdated": "2025-01-14T18:45:05.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2944 (GCVE-0-2023-2944)
Vulnerability from nvd – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:29
VLAI?
Title
Improper Access Control in openemr/openemr
Summary
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
Severity ?
6.3 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/0d67dcb1-acc0-4d5d-bb69-a09d1bc9fa1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/723ac5d78080d1b8542f47673988cd63e0389d25"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2944",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T18:29:22.372489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:29:29.667Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-27T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/0d67dcb1-acc0-4d5d-bb69-a09d1bc9fa1d"
},
{
"url": "https://github.com/openemr/openemr/commit/723ac5d78080d1b8542f47673988cd63e0389d25"
}
],
"source": {
"advisory": "0d67dcb1-acc0-4d5d-bb69-a09d1bc9fa1d",
"discovery": "EXTERNAL"
},
"title": "Improper Access Control in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2944",
"datePublished": "2023-05-27T00:00:00",
"dateReserved": "2023-05-27T00:00:00",
"dateUpdated": "2025-01-14T18:29:29.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2674 (GCVE-0-2023-2674)
Vulnerability from nvd – Published: 2023-05-12 00:00 – Updated: 2025-01-24 15:59
VLAI?
Title
Improper Access Control in openemr/openemr
Summary
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
Severity ?
8.8 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/af73e913-730c-4245-88ce-26fc908d3644"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/bb4244c83a74628faafabc0598366f49863914a9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2674",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T15:59:47.244531Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T15:59:52.352Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-12T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/af73e913-730c-4245-88ce-26fc908d3644"
},
{
"url": "https://github.com/openemr/openemr/commit/bb4244c83a74628faafabc0598366f49863914a9"
}
],
"source": {
"advisory": "af73e913-730c-4245-88ce-26fc908d3644",
"discovery": "EXTERNAL"
},
"title": "Improper Access Control in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2674",
"datePublished": "2023-05-12T00:00:00.000Z",
"dateReserved": "2023-05-12T00:00:00.000Z",
"dateUpdated": "2025-01-24T15:59:52.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2566 (GCVE-0-2023-2566)
Vulnerability from nvd – Published: 2023-05-08 00:00 – Updated: 2025-01-29 17:10
VLAI?
Title
Cross-site Scripting (XSS) - Stored in openemr/openemr
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
Severity ?
7.5 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/47d6fc2a-989a-44eb-9cb7-ab4f8bd44496"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/a2adac7320dfc631b1da688c3b04f54b8240fc7b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2566",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T17:09:57.482973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T17:10:05.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-08T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/47d6fc2a-989a-44eb-9cb7-ab4f8bd44496"
},
{
"url": "https://github.com/openemr/openemr/commit/a2adac7320dfc631b1da688c3b04f54b8240fc7b"
}
],
"source": {
"advisory": "47d6fc2a-989a-44eb-9cb7-ab4f8bd44496",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2566",
"datePublished": "2023-05-08T00:00:00.000Z",
"dateReserved": "2023-05-08T00:00:00.000Z",
"dateUpdated": "2025-01-29T17:10:05.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4733 (GCVE-0-2022-4733)
Vulnerability from nvd – Published: 2022-12-24 00:00 – Updated: 2025-04-10 20:14
VLAI?
Title
Cross-site Scripting (XSS) - Stored in openemr/openemr
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.
Severity ?
6.7 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.0.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:48:40.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/f353adfb-e5b8-43e7-957a-894670fd4ccd"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/4565d8d1eb80c6aa42cf6b1810ba0a64e0f6abde"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4733",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T15:58:52.361814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T20:14:10.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-24T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/f353adfb-e5b8-43e7-957a-894670fd4ccd"
},
{
"url": "https://github.com/openemr/openemr/commit/4565d8d1eb80c6aa42cf6b1810ba0a64e0f6abde"
}
],
"source": {
"advisory": "f353adfb-e5b8-43e7-957a-894670fd4ccd",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4733",
"datePublished": "2022-12-24T00:00:00.000Z",
"dateReserved": "2022-12-24T00:00:00.000Z",
"dateUpdated": "2025-04-10T20:14:10.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4615 (GCVE-0-2022-4615)
Vulnerability from nvd – Published: 2022-12-19 00:00 – Updated: 2025-04-14 18:03
VLAI?
Title
Cross-site Scripting (XSS) - Reflected in openemr/openemr
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
Severity ?
8.3 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.0.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:48:38.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/9c66ece4-bcaa-417d-8b98-e8daff8a728b"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/d5eb41697f7f1bc2c7ee5bc9bbf58684e1c8cc14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4615",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T14:22:48.096944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T18:03:28.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/9c66ece4-bcaa-417d-8b98-e8daff8a728b"
},
{
"url": "https://github.com/openemr/openemr/commit/d5eb41697f7f1bc2c7ee5bc9bbf58684e1c8cc14"
}
],
"source": {
"advisory": "9c66ece4-bcaa-417d-8b98-e8daff8a728b",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4615",
"datePublished": "2022-12-19T00:00:00.000Z",
"dateReserved": "2022-12-19T00:00:00.000Z",
"dateUpdated": "2025-04-14T18:03:28.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4567 (GCVE-0-2022-4567)
Vulnerability from nvd – Published: 2022-12-17 00:00 – Updated: 2025-04-14 18:02
VLAI?
Title
Improper Access Control in openemr/openemr
Summary
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.
Severity ?
8.1 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Affected:
unspecified , < 7.0.0.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:41:45.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/1ac677c4-ec0a-4788-9465-51d9b6bd8fd2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/953cb84dfd55fee9d5296668ec7fdb8bf25bcea4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4567",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T15:44:55.988613Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T18:02:23.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-17T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/1ac677c4-ec0a-4788-9465-51d9b6bd8fd2"
},
{
"url": "https://github.com/openemr/openemr/commit/953cb84dfd55fee9d5296668ec7fdb8bf25bcea4"
}
],
"source": {
"advisory": "1ac677c4-ec0a-4788-9465-51d9b6bd8fd2",
"discovery": "EXTERNAL"
},
"title": "Improper Access Control in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4567",
"datePublished": "2022-12-17T00:00:00.000Z",
"dateReserved": "2022-12-16T00:00:00.000Z",
"dateUpdated": "2025-04-14T18:02:23.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}