Open-emr Openemr
15 CVEs affecting Open-emr Openemr. Latest disclosed: 2026-05-05. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-9380 | High | 8.8 | 2017-06-02 | OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vu… |
| CVE-2017-1000241 | High | 8.1 | 2017-11-17 | The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by vertical privilege escalation vulnerability. This vulnerability can allow an authenti… |
| CVE-2023-54347 | High | 7.5 | 2026-05-05 | OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts… |
| CVE-2017-16540 | High | 7.5 | 2017-11-04 | OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an… |
| CVE-2017-12064 | High | 7.5 | 2017-08-01 | The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior allows attackers to bypass intended access restrictions via a craft… |
| CVE-2017-6394 | Medium | 6.1 | 2017-03-02 | Multiple Cross-Site Scripting (XSS) issues were discovered in OpenEMR 5.0.0 and 5.0.1-dev. The vulnerabilities exist due to insufficient filtration of user-sup… |
| CVE-2021-47817 | Medium | 5.4 | 2026-01-21 | OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability in user profile parameters that authenticated attackers can chain with a file upload to achieve r… |
| CVE-2017-1000240 | Medium | 5.4 | 2017-11-17 | The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These… |
| CVE-2015-4453 | | | 2015-07-05 | interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via a… |
| CVE-2014-5462 | | | 2014-12-08 | Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) la… |
| CVE-2013-4620 | | | 2013-08-09 | Cross-site scripting (XSS) vulnerability in interface/main/onotes/office_comments_full.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web scr… |
| CVE-2013-4619 | | | 2013-08-09 | Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) start or (2) end paramet… |
| CVE-2012-2115 | | | 2012-09-09 | SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands… |
| CVE-2011-5161 | | | 2012-09-09 | Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading… |
| CVE-2011-5160 | | | 2012-09-09 | Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter. |