Vulnerabilites related to openemr - openemr/openemr
cve-2023-2946
Vulnerability from cvelistv5
Published
2023-05-27 00:00
Modified
2025-01-14 18:45
Severity ?
EPSS score ?
Summary
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e550f4b0-945c-4886-af7f-ee0dc30b2a08"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/81832acc14207e577e76c4175967c99ae7e3d3f4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2946",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T18:45:22.206538Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:45:42.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-27T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e550f4b0-945c-4886-af7f-ee0dc30b2a08"
},
{
"url": "https://github.com/openemr/openemr/commit/81832acc14207e577e76c4175967c99ae7e3d3f4"
}
],
"source": {
"advisory": "e550f4b0-945c-4886-af7f-ee0dc30b2a08",
"discovery": "EXTERNAL"
},
"title": "Improper Access Control in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2946",
"datePublished": "2023-05-27T00:00:00",
"dateReserved": "2023-05-27T00:00:00",
"dateUpdated": "2025-01-14T18:45:42.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-4567
Vulnerability from cvelistv5
Published
2022-12-17 00:00
Modified
2024-08-03 01:41
Severity ?
EPSS score ?
Summary
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:41:45.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/1ac677c4-ec0a-4788-9465-51d9b6bd8fd2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/953cb84dfd55fee9d5296668ec7fdb8bf25bcea4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-17T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/1ac677c4-ec0a-4788-9465-51d9b6bd8fd2"
},
{
"url": "https://github.com/openemr/openemr/commit/953cb84dfd55fee9d5296668ec7fdb8bf25bcea4"
}
],
"source": {
"advisory": "1ac677c4-ec0a-4788-9465-51d9b6bd8fd2",
"discovery": "EXTERNAL"
},
"title": "Improper Access Control in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4567",
"datePublished": "2022-12-17T00:00:00",
"dateReserved": "2022-12-16T00:00:00",
"dateUpdated": "2024-08-03T01:41:45.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2733
Vulnerability from cvelistv5
Published
2022-08-09 12:05
Modified
2024-08-03 00:46
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/25b91301-dfb0-4353-a732-e051bbe8420c | x_refsource_CONFIRM | |
| https://github.com/openemr/openemr/commit/59458bc15ab0cb556c521de9d5187167d6f88945 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:04.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/25b91301-dfb0-4353-a732-e051bbe8420c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/59458bc15ab0cb556c521de9d5187167d6f88945"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T12:05:11",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/25b91301-dfb0-4353-a732-e051bbe8420c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openemr/openemr/commit/59458bc15ab0cb556c521de9d5187167d6f88945"
}
],
"source": {
"advisory": "25b91301-dfb0-4353-a732-e051bbe8420c",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in openemr/openemr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2733",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Reflected in openemr/openemr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openemr/openemr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.0.0.1"
}
]
}
}
]
},
"vendor_name": "openemr"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/25b91301-dfb0-4353-a732-e051bbe8420c",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/25b91301-dfb0-4353-a732-e051bbe8420c"
},
{
"name": "https://github.com/openemr/openemr/commit/59458bc15ab0cb556c521de9d5187167d6f88945",
"refsource": "MISC",
"url": "https://github.com/openemr/openemr/commit/59458bc15ab0cb556c521de9d5187167d6f88945"
}
]
},
"source": {
"advisory": "25b91301-dfb0-4353-a732-e051bbe8420c",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2733",
"datePublished": "2022-08-09T12:05:11",
"dateReserved": "2022-08-09T00:00:00",
"dateUpdated": "2024-08-03T00:46:04.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-4505
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 01:41
Severity ?
EPSS score ?
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:41:45.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e36ca754-bb9f-4686-ad72-7fb849e97d92"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/235b1910ffe5296187667277d4e197a0c3a9ac33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAuthorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T07:04:32.406Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e36ca754-bb9f-4686-ad72-7fb849e97d92"
},
{
"url": "https://github.com/openemr/openemr/commit/235b1910ffe5296187667277d4e197a0c3a9ac33"
}
],
"source": {
"advisory": "e36ca754-bb9f-4686-ad72-7fb849e97d92",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass Through User-Controlled Key in openemr/openemr",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4505",
"datePublished": "2022-12-15T00:00:00",
"dateReserved": "2022-12-14T00:00:00",
"dateUpdated": "2024-08-03T01:41:45.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2824
Vulnerability from cvelistv5
Published
2022-08-15 15:50
Modified
2024-08-03 00:52
Severity ?
EPSS score ?
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/1ccb2d1c-6881-4813-a5bc-1603d29b7141 | x_refsource_CONFIRM | |
| https://github.com/openemr/openemr/commit/c5d99452c173ef21a8e2241e2bbf4b66e2d7fe11 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:58.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/1ccb2d1c-6881-4813-a5bc-1603d29b7141"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/c5d99452c173ef21a8e2241e2bbf4b66e2d7fe11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAuthorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T07:48:13.987Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/1ccb2d1c-6881-4813-a5bc-1603d29b7141"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openemr/openemr/commit/c5d99452c173ef21a8e2241e2bbf4b66e2d7fe11"
}
],
"source": {
"advisory": "1ccb2d1c-6881-4813-a5bc-1603d29b7141",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass Through User-Controlled Key in openemr/openemr",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2824",
"STATE": "PUBLIC",
"TITLE": "Improper Access Control in openemr/openemr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openemr/openemr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.0.0.1"
}
]
}
}
]
},
"vendor_name": "openemr"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/1ccb2d1c-6881-4813-a5bc-1603d29b7141",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/1ccb2d1c-6881-4813-a5bc-1603d29b7141"
},
{
"name": "https://github.com/openemr/openemr/commit/c5d99452c173ef21a8e2241e2bbf4b66e2d7fe11",
"refsource": "MISC",
"url": "https://github.com/openemr/openemr/commit/c5d99452c173ef21a8e2241e2bbf4b66e2d7fe11"
}
]
},
"source": {
"advisory": "1ccb2d1c-6881-4813-a5bc-1603d29b7141",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2824",
"datePublished": "2022-08-15T15:50:09",
"dateReserved": "2022-08-15T00:00:00",
"dateUpdated": "2024-08-03T00:52:58.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2674
Vulnerability from cvelistv5
Published
2023-05-12 00:00
Modified
2025-01-24 15:59
Severity ?
EPSS score ?
Summary
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/af73e913-730c-4245-88ce-26fc908d3644"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/bb4244c83a74628faafabc0598366f49863914a9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2674",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T15:59:47.244531Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T15:59:52.352Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-12T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/af73e913-730c-4245-88ce-26fc908d3644"
},
{
"url": "https://github.com/openemr/openemr/commit/bb4244c83a74628faafabc0598366f49863914a9"
}
],
"source": {
"advisory": "af73e913-730c-4245-88ce-26fc908d3644",
"discovery": "EXTERNAL"
},
"title": "Improper Access Control in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2674",
"datePublished": "2023-05-12T00:00:00.000Z",
"dateReserved": "2023-05-12T00:00:00.000Z",
"dateUpdated": "2025-01-24T15:59:52.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2943
Vulnerability from cvelistv5
Published
2023-05-27 00:00
Modified
2025-01-14 18:30
Severity ?
EPSS score ?
Summary
Code Injection in GitHub repository openemr/openemr prior to 7.0.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/4190f944-dc2c-4624-9abf-31479456faa9"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2943",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T18:29:51.449525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:30:00.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Code Injection in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-27T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/4190f944-dc2c-4624-9abf-31479456faa9"
},
{
"url": "https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9"
}
],
"source": {
"advisory": "4190f944-dc2c-4624-9abf-31479456faa9",
"discovery": "EXTERNAL"
},
"title": " Code Injection in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2943",
"datePublished": "2023-05-27T00:00:00",
"dateReserved": "2023-05-27T00:00:00",
"dateUpdated": "2025-01-14T18:30:00.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2734
Vulnerability from cvelistv5
Published
2022-08-09 12:30
Modified
2024-08-03 00:46
Severity ?
EPSS score ?
Summary
Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/d8e4c70c-788b-47e9-8141-a08db751d4e6 | x_refsource_CONFIRM | |
| https://github.com/openemr/openemr/commit/203243467675e85b8b479c778e44ae1aac8bad55 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:04.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/d8e4c70c-788b-47e9-8141-a08db751d4e6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/203243467675e85b8b479c778e44ae1aac8bad55"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T12:30:18",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/d8e4c70c-788b-47e9-8141-a08db751d4e6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openemr/openemr/commit/203243467675e85b8b479c778e44ae1aac8bad55"
}
],
"source": {
"advisory": "d8e4c70c-788b-47e9-8141-a08db751d4e6",
"discovery": "EXTERNAL"
},
"title": "Improper Restriction of Rendered UI Layers or Frames in openemr/openemr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2734",
"STATE": "PUBLIC",
"TITLE": "Improper Restriction of Rendered UI Layers or Frames in openemr/openemr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openemr/openemr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.0.0.1"
}
]
}
}
]
},
"vendor_name": "openemr"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/d8e4c70c-788b-47e9-8141-a08db751d4e6",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/d8e4c70c-788b-47e9-8141-a08db751d4e6"
},
{
"name": "https://github.com/openemr/openemr/commit/203243467675e85b8b479c778e44ae1aac8bad55",
"refsource": "MISC",
"url": "https://github.com/openemr/openemr/commit/203243467675e85b8b479c778e44ae1aac8bad55"
}
]
},
"source": {
"advisory": "d8e4c70c-788b-47e9-8141-a08db751d4e6",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2734",
"datePublished": "2022-08-09T12:30:18",
"dateReserved": "2022-08-09T00:00:00",
"dateUpdated": "2024-08-03T00:46:04.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1459
Vulnerability from cvelistv5
Published
2022-04-25 09:55
Modified
2024-08-03 00:03
Severity ?
EPSS score ?
Summary
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/9023ca9b-a601-4e5d-8952-640c60d029f1 | x_refsource_CONFIRM | |
| https://github.com/openemr/openemr/commit/8f8a97724c0e8fcc4096b4b30af9aaf064ada45a | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 6.1.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/9023ca9b-a601-4e5d-8952-640c60d029f1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/8f8a97724c0e8fcc4096b4b30af9aaf064ada45a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "6.1.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Non-Privilege User Can View Patient\u2019s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1118",
"description": "CWE-1118 Insufficient Documentation of Error Handling Techniques",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-25T09:55:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/9023ca9b-a601-4e5d-8952-640c60d029f1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openemr/openemr/commit/8f8a97724c0e8fcc4096b4b30af9aaf064ada45a"
}
],
"source": {
"advisory": "9023ca9b-a601-4e5d-8952-640c60d029f1",
"discovery": "EXTERNAL"
},
"title": "Non-Privilege User Can View Patient\u2019s Disclosures in openemr/openemr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1459",
"STATE": "PUBLIC",
"TITLE": "Non-Privilege User Can View Patient\u2019s Disclosures in openemr/openemr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openemr/openemr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.1.0.1"
}
]
}
}
]
},
"vendor_name": "openemr"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Non-Privilege User Can View Patient\u2019s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1118 Insufficient Documentation of Error Handling Techniques"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/9023ca9b-a601-4e5d-8952-640c60d029f1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/9023ca9b-a601-4e5d-8952-640c60d029f1"
},
{
"name": "https://github.com/openemr/openemr/commit/8f8a97724c0e8fcc4096b4b30af9aaf064ada45a",
"refsource": "MISC",
"url": "https://github.com/openemr/openemr/commit/8f8a97724c0e8fcc4096b4b30af9aaf064ada45a"
}
]
},
"source": {
"advisory": "9023ca9b-a601-4e5d-8952-640c60d029f1",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1459",
"datePublished": "2022-04-25T09:55:10",
"dateReserved": "2022-04-25T00:00:00",
"dateUpdated": "2024-08-03T00:03:06.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1177
Vulnerability from cvelistv5
Published
2022-03-30 11:00
Modified
2024-08-02 23:55
Severity ?
EPSS score ?
Summary
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/0bb2979b-9643-4cdf-ab58-4354976b481b | x_refsource_CONFIRM | |
| https://github.com/openemr/openemr/commit/a2e918abcf15f9fc1f7cb4a1f2b09ff019021175 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 6.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0bb2979b-9643-4cdf-ab58-4354976b481b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/a2e918abcf15f9fc1f7cb4a1f2b09ff019021175"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "6.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220 Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-30T11:00:28",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0bb2979b-9643-4cdf-ab58-4354976b481b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openemr/openemr/commit/a2e918abcf15f9fc1f7cb4a1f2b09ff019021175"
}
],
"source": {
"advisory": "0bb2979b-9643-4cdf-ab58-4354976b481b",
"discovery": "EXTERNAL"
},
"title": "Accounting User Can Download Patient Reports in openemr in openemr/openemr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1177",
"STATE": "PUBLIC",
"TITLE": "Accounting User Can Download Patient Reports in openemr in openemr/openemr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openemr/openemr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.1.0"
}
]
}
}
]
},
"vendor_name": "openemr"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1220 Insufficient Granularity of Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/0bb2979b-9643-4cdf-ab58-4354976b481b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0bb2979b-9643-4cdf-ab58-4354976b481b"
},
{
"name": "https://github.com/openemr/openemr/commit/a2e918abcf15f9fc1f7cb4a1f2b09ff019021175",
"refsource": "MISC",
"url": "https://github.com/openemr/openemr/commit/a2e918abcf15f9fc1f7cb4a1f2b09ff019021175"
}
]
},
"source": {
"advisory": "0bb2979b-9643-4cdf-ab58-4354976b481b",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1177",
"datePublished": "2022-03-30T11:00:28",
"dateReserved": "2022-03-30T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-0875
Vulnerability from cvelistv5
Published
2024-11-15 10:57
Modified
2024-11-15 20:54
Severity ?
EPSS score ?
Summary
A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.2.1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openemr:openemr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0875",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T20:53:13.800010Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T20:54:38.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the \u0027inputBody\u0027 field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T10:57:25.334Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/16cba0fc-748d-4ea8-9573-1f6fbe9a27c9"
},
{
"url": "https://github.com/openemr/openemr/commit/d141d2ca06fb2171a202c7302dd5d5af8539f255"
}
],
"source": {
"advisory": "16cba0fc-748d-4ea8-9573-1f6fbe9a27c9",
"discovery": "EXTERNAL"
},
"title": "Stored XSS in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-0875",
"datePublished": "2024-11-15T10:57:25.334Z",
"dateReserved": "2024-01-25T04:04:29.988Z",
"dateUpdated": "2024-11-15T20:54:38.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2731
Vulnerability from cvelistv5
Published
2022-08-09 12:00
Modified
2024-08-03 00:46
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/20b8d5c5-0764-4f0b-8ab3-b9f6b857175e | x_refsource_CONFIRM | |
| https://github.com/openemr/openemr/commit/285fb234bd27ea4c46a29f2797edda7f38f1d8db | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:04.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/20b8d5c5-0764-4f0b-8ab3-b9f6b857175e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/285fb234bd27ea4c46a29f2797edda7f38f1d8db"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T12:00:19",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/20b8d5c5-0764-4f0b-8ab3-b9f6b857175e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openemr/openemr/commit/285fb234bd27ea4c46a29f2797edda7f38f1d8db"
}
],
"source": {
"advisory": "20b8d5c5-0764-4f0b-8ab3-b9f6b857175e",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in openemr/openemr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2731",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Reflected in openemr/openemr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openemr/openemr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.0.0.1"
}
]
}
}
]
},
"vendor_name": "openemr"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/20b8d5c5-0764-4f0b-8ab3-b9f6b857175e",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/20b8d5c5-0764-4f0b-8ab3-b9f6b857175e"
},
{
"name": "https://github.com/openemr/openemr/commit/285fb234bd27ea4c46a29f2797edda7f38f1d8db",
"refsource": "MISC",
"url": "https://github.com/openemr/openemr/commit/285fb234bd27ea4c46a29f2797edda7f38f1d8db"
}
]
},
"source": {
"advisory": "20b8d5c5-0764-4f0b-8ab3-b9f6b857175e",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2731",
"datePublished": "2022-08-09T12:00:19",
"dateReserved": "2022-08-09T00:00:00",
"dateUpdated": "2024-08-03T00:46:04.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1461
Vulnerability from cvelistv5
Published
2022-04-25 10:15
Modified
2024-08-03 00:03
Severity ?
EPSS score ?
Summary
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/690a8ec5-64fc-4180-9f1f-c3c599bae0a9 | x_refsource_CONFIRM | |
| https://github.com/openemr/openemr/commit/3af1f4a28a8df0e446043232214ed08cc8e0889d | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 6.1.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/690a8ec5-64fc-4180-9f1f-c3c599bae0a9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/3af1f4a28a8df0e446043232214ed08cc8e0889d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "6.1.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220 Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-25T10:15:12",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/690a8ec5-64fc-4180-9f1f-c3c599bae0a9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openemr/openemr/commit/3af1f4a28a8df0e446043232214ed08cc8e0889d"
}
],
"source": {
"advisory": "690a8ec5-64fc-4180-9f1f-c3c599bae0a9",
"discovery": "EXTERNAL"
},
"title": "Non Privilege User can Enable or Disable Registered in openemr/openemr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1461",
"STATE": "PUBLIC",
"TITLE": "Non Privilege User can Enable or Disable Registered in openemr/openemr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openemr/openemr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.1.0.1"
}
]
}
}
]
},
"vendor_name": "openemr"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1220 Insufficient Granularity of Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/690a8ec5-64fc-4180-9f1f-c3c599bae0a9",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/690a8ec5-64fc-4180-9f1f-c3c599bae0a9"
},
{
"name": "https://github.com/openemr/openemr/commit/3af1f4a28a8df0e446043232214ed08cc8e0889d",
"refsource": "MISC",
"url": "https://github.com/openemr/openemr/commit/3af1f4a28a8df0e446043232214ed08cc8e0889d"
}
]
},
"source": {
"advisory": "690a8ec5-64fc-4180-9f1f-c3c599bae0a9",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1461",
"datePublished": "2022-04-25T10:15:12",
"dateReserved": "2022-04-25T00:00:00",
"dateUpdated": "2024-08-03T00:03:06.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1178
Vulnerability from cvelistv5
Published
2022-03-30 11:00
Modified
2024-08-02 23:55
Severity ?
EPSS score ?
Summary
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/5813bd1f-b3aa-44f3-a5c0-aeeee2bf6fa4 | x_refsource_CONFIRM | |
| https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 6.0.0.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/5813bd1f-b3aa-44f3-a5c0-aeeee2bf6fa4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "6.0.0.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-30T11:00:20",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/5813bd1f-b3aa-44f3-a5c0-aeeee2bf6fa4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c"
}
],
"source": {
"advisory": "5813bd1f-b3aa-44f3-a5c0-aeeee2bf6fa4",
"discovery": "EXTERNAL"
},
"title": "Stored Cross Site Scripting in openemr/openemr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1178",
"STATE": "PUBLIC",
"TITLE": "Stored Cross Site Scripting in openemr/openemr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openemr/openemr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.0.4"
}
]
}
}
]
},
"vendor_name": "openemr"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/5813bd1f-b3aa-44f3-a5c0-aeeee2bf6fa4",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/5813bd1f-b3aa-44f3-a5c0-aeeee2bf6fa4"
},
{
"name": "https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c",
"refsource": "MISC",
"url": "https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c"
}
]
},
"source": {
"advisory": "5813bd1f-b3aa-44f3-a5c0-aeeee2bf6fa4",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1178",
"datePublished": "2022-03-30T11:00:20",
"dateReserved": "2022-03-30T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-4615
Vulnerability from cvelistv5
Published
2022-12-19 00:00
Modified
2024-08-03 01:48
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:48:38.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/9c66ece4-bcaa-417d-8b98-e8daff8a728b"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/d5eb41697f7f1bc2c7ee5bc9bbf58684e1c8cc14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/9c66ece4-bcaa-417d-8b98-e8daff8a728b"
},
{
"url": "https://github.com/openemr/openemr/commit/d5eb41697f7f1bc2c7ee5bc9bbf58684e1c8cc14"
}
],
"source": {
"advisory": "9c66ece4-bcaa-417d-8b98-e8daff8a728b",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4615",
"datePublished": "2022-12-19T00:00:00",
"dateReserved": "2022-12-19T00:00:00",
"dateUpdated": "2024-08-03T01:48:38.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2494
Vulnerability from cvelistv5
Published
2022-07-22 03:48
Modified
2024-08-03 00:39
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/74ddb017-c1fd-4e72-bd30-3b2033911472 | x_refsource_CONFIRM | |
| https://github.com/openemr/openemr/commit/152e551208e6de534ab194c87e9ffa4d56d294a8 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/74ddb017-c1fd-4e72-bd30-3b2033911472"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/152e551208e6de534ab194c87e9ffa4d56d294a8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T03:48:01",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/74ddb017-c1fd-4e72-bd30-3b2033911472"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openemr/openemr/commit/152e551208e6de534ab194c87e9ffa4d56d294a8"
}
],
"source": {
"advisory": "74ddb017-c1fd-4e72-bd30-3b2033911472",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in openemr/openemr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2494",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in openemr/openemr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openemr/openemr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.0.0"
}
]
}
}
]
},
"vendor_name": "openemr"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/74ddb017-c1fd-4e72-bd30-3b2033911472",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/74ddb017-c1fd-4e72-bd30-3b2033911472"
},
{
"name": "https://github.com/openemr/openemr/commit/152e551208e6de534ab194c87e9ffa4d56d294a8",
"refsource": "MISC",
"url": "https://github.com/openemr/openemr/commit/152e551208e6de534ab194c87e9ffa4d56d294a8"
}
]
},
"source": {
"advisory": "74ddb017-c1fd-4e72-bd30-3b2033911472",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2494",
"datePublished": "2022-07-22T03:48:01",
"dateReserved": "2022-07-20T00:00:00",
"dateUpdated": "2024-08-03T00:39:07.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2732
Vulnerability from cvelistv5
Published
2022-08-09 12:06
Modified
2024-11-20 16:18
Severity ?
EPSS score ?
Summary
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6 | x_refsource_MISC | |
| https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:04.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2732",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-08T18:06:06.542277Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T16:18:21.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.\u003c/p\u003e"
}
],
"value": "Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:56:50.974Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533"
}
],
"source": {
"advisory": "8773e0d1-5f1a-4e87-8998-f5ec45f6d533",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in openemr/openemr",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2732",
"STATE": "PUBLIC",
"TITLE": "Improper Privilege Management in openemr/openemr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openemr/openemr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.0.0.1"
}
]
}
}
]
},
"vendor_name": "openemr"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Privilege Management in GitHub repository openemr/openemr prior to 7.0.0.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6",
"refsource": "MISC",
"url": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6"
},
{
"name": "https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533"
}
]
},
"source": {
"advisory": "8773e0d1-5f1a-4e87-8998-f5ec45f6d533",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2732",
"datePublished": "2022-08-09T12:06:13",
"dateReserved": "2022-08-09T00:00:00",
"dateUpdated": "2024-11-20T16:18:21.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2566
Vulnerability from cvelistv5
Published
2023-05-08 00:00
Modified
2025-01-29 17:10
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/47d6fc2a-989a-44eb-9cb7-ab4f8bd44496"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/a2adac7320dfc631b1da688c3b04f54b8240fc7b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2566",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T17:09:57.482973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T17:10:05.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-08T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/47d6fc2a-989a-44eb-9cb7-ab4f8bd44496"
},
{
"url": "https://github.com/openemr/openemr/commit/a2adac7320dfc631b1da688c3b04f54b8240fc7b"
}
],
"source": {
"advisory": "47d6fc2a-989a-44eb-9cb7-ab4f8bd44496",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2566",
"datePublished": "2023-05-08T00:00:00.000Z",
"dateReserved": "2023-05-08T00:00:00.000Z",
"dateUpdated": "2025-01-29T17:10:05.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2948
Vulnerability from cvelistv5
Published
2023-05-28 00:00
Modified
2025-01-14 16:34
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/2393e4d9-9e9f-455f-bf50-f20f77b0a64d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2948",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T16:34:43.290882Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:34:53.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-28T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015"
},
{
"url": "https://huntr.dev/bounties/2393e4d9-9e9f-455f-bf50-f20f77b0a64d"
}
],
"source": {
"advisory": "2393e4d9-9e9f-455f-bf50-f20f77b0a64d",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2948",
"datePublished": "2023-05-28T00:00:00",
"dateReserved": "2023-05-28T00:00:00",
"dateUpdated": "2025-01-14T16:34:53.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2493
Vulnerability from cvelistv5
Published
2022-07-22 03:47
Modified
2024-08-03 00:39
Severity ?
EPSS score ?
Summary
Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/8a4d54e2-e1cd-47c3-9304-ac8be87c80f1 | x_refsource_CONFIRM | |
| https://github.com/openemr/openemr/commit/871ae5198d8ca18fd17257ae7c5c906a52dca908 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8a4d54e2-e1cd-47c3-9304-ac8be87c80f1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/871ae5198d8ca18fd17257ae7c5c906a52dca908"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1083",
"description": "CWE-1083 Data Access from Outside Expected Data Manager Component",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T03:47:17",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8a4d54e2-e1cd-47c3-9304-ac8be87c80f1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openemr/openemr/commit/871ae5198d8ca18fd17257ae7c5c906a52dca908"
}
],
"source": {
"advisory": "8a4d54e2-e1cd-47c3-9304-ac8be87c80f1",
"discovery": "EXTERNAL"
},
"title": "Data Access from Outside Expected Data Manager Component in openemr/openemr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2493",
"STATE": "PUBLIC",
"TITLE": "Data Access from Outside Expected Data Manager Component in openemr/openemr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openemr/openemr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.0.0"
}
]
}
}
]
},
"vendor_name": "openemr"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1083 Data Access from Outside Expected Data Manager Component"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/8a4d54e2-e1cd-47c3-9304-ac8be87c80f1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8a4d54e2-e1cd-47c3-9304-ac8be87c80f1"
},
{
"name": "https://github.com/openemr/openemr/commit/871ae5198d8ca18fd17257ae7c5c906a52dca908",
"refsource": "MISC",
"url": "https://github.com/openemr/openemr/commit/871ae5198d8ca18fd17257ae7c5c906a52dca908"
}
]
},
"source": {
"advisory": "8a4d54e2-e1cd-47c3-9304-ac8be87c80f1",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2493",
"datePublished": "2022-07-22T03:47:17",
"dateReserved": "2022-07-20T00:00:00",
"dateUpdated": "2024-08-03T00:39:07.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1180
Vulnerability from cvelistv5
Published
2022-03-30 11:05
Modified
2024-08-02 23:55
Severity ?
EPSS score ?
Summary
Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c | x_refsource_MISC | |
| https://huntr.dev/bounties/0e281ea2-70f7-4ed7-8814-74502eff9dd5 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 6.0.0.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0e281ea2-70f7-4ed7-8814-74502eff9dd5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "6.0.0.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-30T11:05:20",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0e281ea2-70f7-4ed7-8814-74502eff9dd5"
}
],
"source": {
"advisory": "0e281ea2-70f7-4ed7-8814-74502eff9dd5",
"discovery": "EXTERNAL"
},
"title": "Reflected Cross Site Scripting in openemr/openemr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1180",
"STATE": "PUBLIC",
"TITLE": "Reflected Cross Site Scripting in openemr/openemr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openemr/openemr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.0.4"
}
]
}
}
]
},
"vendor_name": "openemr"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c",
"refsource": "MISC",
"url": "https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c"
},
{
"name": "https://huntr.dev/bounties/0e281ea2-70f7-4ed7-8814-74502eff9dd5",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0e281ea2-70f7-4ed7-8814-74502eff9dd5"
}
]
},
"source": {
"advisory": "0e281ea2-70f7-4ed7-8814-74502eff9dd5",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1180",
"datePublished": "2022-03-30T11:05:20",
"dateReserved": "2022-03-30T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1458
Vulnerability from cvelistv5
Published
2022-04-25 09:50
Modified
2024-08-03 00:03
Severity ?
EPSS score ?
Summary
Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/78674078-0796-4102-a81e-f699cd6981b0 | x_refsource_CONFIRM | |
| https://github.com/openemr/openemr/commit/31f08005e53b17d1bc921d23f7ee774930ad416d | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 6.1.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/78674078-0796-4102-a81e-f699cd6981b0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/31f08005e53b17d1bc921d23f7ee774930ad416d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "6.1.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-25T09:50:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/78674078-0796-4102-a81e-f699cd6981b0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openemr/openemr/commit/31f08005e53b17d1bc921d23f7ee774930ad416d"
}
],
"source": {
"advisory": "78674078-0796-4102-a81e-f699cd6981b0",
"discovery": "EXTERNAL"
},
"title": "Stored XSS Leads To Session Hijacking in openemr/openemr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1458",
"STATE": "PUBLIC",
"TITLE": "Stored XSS Leads To Session Hijacking in openemr/openemr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openemr/openemr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.1.0.1"
}
]
}
}
]
},
"vendor_name": "openemr"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/78674078-0796-4102-a81e-f699cd6981b0",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/78674078-0796-4102-a81e-f699cd6981b0"
},
{
"name": "https://github.com/openemr/openemr/commit/31f08005e53b17d1bc921d23f7ee774930ad416d",
"refsource": "MISC",
"url": "https://github.com/openemr/openemr/commit/31f08005e53b17d1bc921d23f7ee774930ad416d"
}
]
},
"source": {
"advisory": "78674078-0796-4102-a81e-f699cd6981b0",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1458",
"datePublished": "2022-04-25T09:50:10",
"dateReserved": "2022-04-25T00:00:00",
"dateUpdated": "2024-08-03T00:03:06.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-4506
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 01:41
Severity ?
EPSS score ?
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:41:45.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/f423d193-4ab0-4f03-ad90-25e4f02e7942"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/2e7678d812df167ea3c0756382408b670e8aa51f"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4506"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-15T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/f423d193-4ab0-4f03-ad90-25e4f02e7942"
},
{
"url": "https://github.com/openemr/openemr/commit/2e7678d812df167ea3c0756382408b670e8aa51f"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4506"
}
],
"source": {
"advisory": "f423d193-4ab0-4f03-ad90-25e4f02e7942",
"discovery": "EXTERNAL"
},
"title": "Unrestricted Upload of File with Dangerous Type in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4506",
"datePublished": "2022-12-15T00:00:00",
"dateReserved": "2022-12-15T00:00:00",
"dateUpdated": "2024-08-03T01:41:45.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2944
Vulnerability from cvelistv5
Published
2023-05-27 00:00
Modified
2025-01-14 18:29
Severity ?
EPSS score ?
Summary
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/0d67dcb1-acc0-4d5d-bb69-a09d1bc9fa1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/723ac5d78080d1b8542f47673988cd63e0389d25"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2944",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T18:29:22.372489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:29:29.667Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-27T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/0d67dcb1-acc0-4d5d-bb69-a09d1bc9fa1d"
},
{
"url": "https://github.com/openemr/openemr/commit/723ac5d78080d1b8542f47673988cd63e0389d25"
}
],
"source": {
"advisory": "0d67dcb1-acc0-4d5d-bb69-a09d1bc9fa1d",
"discovery": "EXTERNAL"
},
"title": "Improper Access Control in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2944",
"datePublished": "2023-05-27T00:00:00",
"dateReserved": "2023-05-27T00:00:00",
"dateUpdated": "2025-01-14T18:29:29.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2950
Vulnerability from cvelistv5
Published
2023-05-28 00:00
Modified
2025-01-14 16:22
Severity ?
EPSS score ?
Summary
Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/612d13cf-2ef9-44ea-b8fb-e797948a9a86"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/abee8d2606c706176818de25eb88a2d08b8f7fa4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2950",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T16:16:01.256394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:22:28.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-28T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/612d13cf-2ef9-44ea-b8fb-e797948a9a86"
},
{
"url": "https://github.com/openemr/openemr/commit/abee8d2606c706176818de25eb88a2d08b8f7fa4"
}
],
"source": {
"advisory": "612d13cf-2ef9-44ea-b8fb-e797948a9a86",
"discovery": "EXTERNAL"
},
"title": "Improper Authorization in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2950",
"datePublished": "2023-05-28T00:00:00",
"dateReserved": "2023-05-28T00:00:00",
"dateUpdated": "2025-01-14T16:22:28.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-4503
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 01:41
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:41:45.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/37d7ed4855763fc588485f05b2e9cc0944f71879"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/4cba644c-a2f5-4ed7-af5d-f2cab1895e13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-15T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/openemr/openemr/commit/37d7ed4855763fc588485f05b2e9cc0944f71879"
},
{
"url": "https://huntr.dev/bounties/4cba644c-a2f5-4ed7-af5d-f2cab1895e13"
}
],
"source": {
"advisory": "4cba644c-a2f5-4ed7-af5d-f2cab1895e13",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4503",
"datePublished": "2022-12-15T00:00:00",
"dateReserved": "2022-12-14T00:00:00",
"dateUpdated": "2024-08-03T01:41:45.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2942
Vulnerability from cvelistv5
Published
2023-05-27 00:00
Modified
2025-01-14 18:30
Severity ?
EPSS score ?
Summary
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/dd56e7a0-9dff-48fc-bc59-9a22d91869eb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2942",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T18:30:24.773700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:30:33.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-27T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9"
},
{
"url": "https://huntr.dev/bounties/dd56e7a0-9dff-48fc-bc59-9a22d91869eb"
}
],
"source": {
"advisory": "dd56e7a0-9dff-48fc-bc59-9a22d91869eb",
"discovery": "EXTERNAL"
},
"title": "Improper Input Validation in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2942",
"datePublished": "2023-05-27T00:00:00",
"dateReserved": "2023-05-27T00:00:00",
"dateUpdated": "2025-01-14T18:30:33.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1181
Vulnerability from cvelistv5
Published
2022-03-30 11:05
Modified
2024-08-02 23:55
Severity ?
EPSS score ?
Summary
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60 | x_refsource_CONFIRM | |
| https://github.com/openemr/openemr/commit/2835cc397610fc28037302dad948c38fda032022 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 6.0.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/2835cc397610fc28037302dad948c38fda032022"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "6.0.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-30T11:05:13",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openemr/openemr/commit/2835cc397610fc28037302dad948c38fda032022"
}
],
"source": {
"advisory": "2534e0fb-f503-4a4b-aed1-ec448c98bf60",
"discovery": "EXTERNAL"
},
"title": "Stored Cross Site Scripting in openemr/openemr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1181",
"STATE": "PUBLIC",
"TITLE": "Stored Cross Site Scripting in openemr/openemr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openemr/openemr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.0.2"
}
]
}
}
]
},
"vendor_name": "openemr"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2534e0fb-f503-4a4b-aed1-ec448c98bf60"
},
{
"name": "https://github.com/openemr/openemr/commit/2835cc397610fc28037302dad948c38fda032022",
"refsource": "MISC",
"url": "https://github.com/openemr/openemr/commit/2835cc397610fc28037302dad948c38fda032022"
}
]
},
"source": {
"advisory": "2534e0fb-f503-4a4b-aed1-ec448c98bf60",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1181",
"datePublished": "2022-03-30T11:05:13",
"dateReserved": "2022-03-30T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2730
Vulnerability from cvelistv5
Published
2022-08-09 11:55
Modified
2024-08-03 00:46
Severity ?
EPSS score ?
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/a81f39ab-092b-4941-b9ca-c4c8f2191504 | x_refsource_CONFIRM | |
| https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:04.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a81f39ab-092b-4941-b9ca-c4c8f2191504"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T11:55:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a81f39ab-092b-4941-b9ca-c4c8f2191504"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6"
}
],
"source": {
"advisory": "a81f39ab-092b-4941-b9ca-c4c8f2191504",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass Through User-Controlled Key in openemr/openemr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2730",
"STATE": "PUBLIC",
"TITLE": "Authorization Bypass Through User-Controlled Key in openemr/openemr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openemr/openemr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.0.0.1"
}
]
}
}
]
},
"vendor_name": "openemr"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a81f39ab-092b-4941-b9ca-c4c8f2191504",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a81f39ab-092b-4941-b9ca-c4c8f2191504"
},
{
"name": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6",
"refsource": "MISC",
"url": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6"
}
]
},
"source": {
"advisory": "a81f39ab-092b-4941-b9ca-c4c8f2191504",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2730",
"datePublished": "2022-08-09T11:55:10",
"dateReserved": "2022-08-09T00:00:00",
"dateUpdated": "2024-08-03T00:46:04.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2945
Vulnerability from cvelistv5
Published
2023-05-27 00:00
Modified
2025-01-14 18:28
Severity ?
EPSS score ?
Summary
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/62de71bd-333d-4593-91a5-534ef7f0c435"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/3656bc88288957d68ba040cad2e5f9dbd1b607b1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2945",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T18:28:04.617661Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:28:12.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-27T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/62de71bd-333d-4593-91a5-534ef7f0c435"
},
{
"url": "https://github.com/openemr/openemr/commit/3656bc88288957d68ba040cad2e5f9dbd1b607b1"
}
],
"source": {
"advisory": "62de71bd-333d-4593-91a5-534ef7f0c435",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2945",
"datePublished": "2023-05-27T00:00:00",
"dateReserved": "2023-05-27T00:00:00",
"dateUpdated": "2025-01-14T18:28:12.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-4504
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 01:41
Severity ?
EPSS score ?
Summary
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:41:45.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/f50538cb-99d3-411d-bd1a-5f36d1fa9f5d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/37d7ed4855763fc588485f05b2e9cc0944f71879"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-15T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/f50538cb-99d3-411d-bd1a-5f36d1fa9f5d"
},
{
"url": "https://github.com/openemr/openemr/commit/37d7ed4855763fc588485f05b2e9cc0944f71879"
}
],
"source": {
"advisory": "f50538cb-99d3-411d-bd1a-5f36d1fa9f5d",
"discovery": "EXTERNAL"
},
"title": "Improper Input Validation in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4504",
"datePublished": "2022-12-15T00:00:00",
"dateReserved": "2022-12-14T00:00:00",
"dateUpdated": "2024-08-03T01:41:45.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-4502
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 01:41
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:41:45.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/37d7ed4855763fc588485f05b2e9cc0944f71879"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/5bdef791-6886-4008-b9ba-045cb4524114"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-15T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/openemr/openemr/commit/37d7ed4855763fc588485f05b2e9cc0944f71879"
},
{
"url": "https://huntr.dev/bounties/5bdef791-6886-4008-b9ba-045cb4524114"
}
],
"source": {
"advisory": "5bdef791-6886-4008-b9ba-045cb4524114",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4502",
"datePublished": "2022-12-15T00:00:00",
"dateReserved": "2022-12-14T00:00:00",
"dateUpdated": "2024-08-03T01:41:45.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2947
Vulnerability from cvelistv5
Published
2023-05-27 00:00
Modified
2025-01-14 18:45
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/52534def-acab-4200-a79a-89ef4ce6a0b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/8d2d601ac40aca75bcd2c3cf193f59c8e56d8425"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2947",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T18:44:48.511162Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:45:05.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-27T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/52534def-acab-4200-a79a-89ef4ce6a0b0"
},
{
"url": "https://github.com/openemr/openemr/commit/8d2d601ac40aca75bcd2c3cf193f59c8e56d8425"
}
],
"source": {
"advisory": "52534def-acab-4200-a79a-89ef4ce6a0b0",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2947",
"datePublished": "2023-05-27T00:00:00",
"dateReserved": "2023-05-27T00:00:00",
"dateUpdated": "2025-01-14T18:45:05.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2949
Vulnerability from cvelistv5
Published
2023-05-28 00:00
Modified
2025-01-14 16:24
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/3842486f-38b1-4150-9f78-b81d0ae580c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2949",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T16:24:37.451315Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:24:44.879Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-28T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/3842486f-38b1-4150-9f78-b81d0ae580c4"
},
{
"url": "https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015"
}
],
"source": {
"advisory": "3842486f-38b1-4150-9f78-b81d0ae580c4",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2949",
"datePublished": "2023-05-28T00:00:00",
"dateReserved": "2023-05-28T00:00:00",
"dateUpdated": "2025-01-14T16:24:44.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-4733
Vulnerability from cvelistv5
Published
2022-12-24 00:00
Modified
2024-08-03 01:48
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:48:40.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/f353adfb-e5b8-43e7-957a-894670fd4ccd"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/4565d8d1eb80c6aa42cf6b1810ba0a64e0f6abde"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-24T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/f353adfb-e5b8-43e7-957a-894670fd4ccd"
},
{
"url": "https://github.com/openemr/openemr/commit/4565d8d1eb80c6aa42cf6b1810ba0a64e0f6abde"
}
],
"source": {
"advisory": "f353adfb-e5b8-43e7-957a-894670fd4ccd",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in openemr/openemr"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4733",
"datePublished": "2022-12-24T00:00:00",
"dateReserved": "2022-12-24T00:00:00",
"dateUpdated": "2024-08-03T01:48:40.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1179
Vulnerability from cvelistv5
Published
2022-03-30 11:05
Modified
2024-08-02 23:55
Severity ?
EPSS score ?
Summary
Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c | x_refsource_MISC | |
| https://huntr.dev/bounties/8025e31f-7dcf-4db9-ab07-06c1e055ab42 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 6.0.0.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8025e31f-7dcf-4db9-ab07-06c1e055ab42"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "6.0.0.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-30T11:05:28",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8025e31f-7dcf-4db9-ab07-06c1e055ab42"
}
],
"source": {
"advisory": "8025e31f-7dcf-4db9-ab07-06c1e055ab42",
"discovery": "EXTERNAL"
},
"title": "Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in openemr/openemr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1179",
"STATE": "PUBLIC",
"TITLE": "Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in openemr/openemr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openemr/openemr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.0.4"
}
]
}
}
]
},
"vendor_name": "openemr"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c",
"refsource": "MISC",
"url": "https://github.com/openemr/openemr/commit/347ad614507183035d188ba14427bc162419778c"
},
{
"name": "https://huntr.dev/bounties/8025e31f-7dcf-4db9-ab07-06c1e055ab42",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8025e31f-7dcf-4db9-ab07-06c1e055ab42"
}
]
},
"source": {
"advisory": "8025e31f-7dcf-4db9-ab07-06c1e055ab42",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1179",
"datePublished": "2022-03-30T11:05:28",
"dateReserved": "2022-03-30T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2729
Vulnerability from cvelistv5
Published
2022-08-09 11:55
Modified
2024-08-03 00:46
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/13b58e74-2dd0-4eec-9f3a-554485701540 | x_refsource_CONFIRM | |
| https://github.com/openemr/openemr/commit/74d21039aec641b2c406e3baf238ae4602a968b6 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openemr | openemr/openemr |
Version: unspecified < 7.0.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:04.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/13b58e74-2dd0-4eec-9f3a-554485701540"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openemr/openemr/commit/74d21039aec641b2c406e3baf238ae4602a968b6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openemr/openemr",
"vendor": "openemr",
"versions": [
{
"lessThan": "7.0.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T11:55:25",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/13b58e74-2dd0-4eec-9f3a-554485701540"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openemr/openemr/commit/74d21039aec641b2c406e3baf238ae4602a968b6"
}
],
"source": {
"advisory": "13b58e74-2dd0-4eec-9f3a-554485701540",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - DOM in openemr/openemr",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2729",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - DOM in openemr/openemr"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openemr/openemr",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.0.0.1"
}
]
}
}
]
},
"vendor_name": "openemr"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/13b58e74-2dd0-4eec-9f3a-554485701540",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/13b58e74-2dd0-4eec-9f3a-554485701540"
},
{
"name": "https://github.com/openemr/openemr/commit/74d21039aec641b2c406e3baf238ae4602a968b6",
"refsource": "MISC",
"url": "https://github.com/openemr/openemr/commit/74d21039aec641b2c406e3baf238ae4602a968b6"
}
]
},
"source": {
"advisory": "13b58e74-2dd0-4eec-9f3a-554485701540",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2729",
"datePublished": "2022-08-09T11:55:25",
"dateReserved": "2022-08-09T00:00:00",
"dateUpdated": "2024-08-03T00:46:04.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}