Search

Find a vulnerability

Search criteria

    74 vulnerabilities found for openemr/openemr by openemr

    CVE-2024-0875 (GCVE-0-2024-0875)

    Vulnerability from nvd – Published: 2024-11-15 10:57 – Updated: 2024-11-15 20:54
    VLAI
    Title
    Stored XSS in openemr/openemr
    Summary
    A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.2.1 (custom)
    Create a notification for this product.
    openemr openemr Affected: 0 , < 7.0.2.1 (custom)
        cpe:2.3:a:openemr:openemr:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:openemr:openemr:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "openemr",
                "vendor": "openemr",
                "versions": [
                  {
                    "lessThan": "7.0.2.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0875",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T20:53:13.800010Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T20:54:38.603Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.2.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the \u0027inputBody\u0027 field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T10:57:25.334Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntr_ai"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/16cba0fc-748d-4ea8-9573-1f6fbe9a27c9"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/d141d2ca06fb2171a202c7302dd5d5af8539f255"
            }
          ],
          "source": {
            "advisory": "16cba0fc-748d-4ea8-9573-1f6fbe9a27c9",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntr_ai",
        "cveId": "CVE-2024-0875",
        "datePublished": "2024-11-15T10:57:25.334Z",
        "dateReserved": "2024-01-25T04:04:29.988Z",
        "dateUpdated": "2024-11-15T20:54:38.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2950 (GCVE-0-2023-2950)

    Vulnerability from nvd – Published: 2023-05-28 00:00 – Updated: 2025-01-14 16:22
    VLAI
    Title
    Improper Authorization in openemr/openemr
    Summary
    Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:41:03.922Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/612d13cf-2ef9-44ea-b8fb-e797948a9a86"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/abee8d2606c706176818de25eb88a2d08b8f7fa4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2950",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T16:16:01.256394Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T16:22:28.716Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-28T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/612d13cf-2ef9-44ea-b8fb-e797948a9a86"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/abee8d2606c706176818de25eb88a2d08b8f7fa4"
            }
          ],
          "source": {
            "advisory": "612d13cf-2ef9-44ea-b8fb-e797948a9a86",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Authorization in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2950",
        "datePublished": "2023-05-28T00:00:00.000Z",
        "dateReserved": "2023-05-28T00:00:00.000Z",
        "dateUpdated": "2025-01-14T16:22:28.716Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2949 (GCVE-0-2023-2949)

    Vulnerability from nvd – Published: 2023-05-28 00:00 – Updated: 2025-01-14 16:24
    VLAI
    Title
    Cross-site Scripting (XSS) - Reflected in openemr/openemr
    Summary
    Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:41:04.011Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/3842486f-38b1-4150-9f78-b81d0ae580c4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2949",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T16:24:37.451315Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T16:24:44.879Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-28T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/3842486f-38b1-4150-9f78-b81d0ae580c4"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015"
            }
          ],
          "source": {
            "advisory": "3842486f-38b1-4150-9f78-b81d0ae580c4",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Reflected in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2949",
        "datePublished": "2023-05-28T00:00:00.000Z",
        "dateReserved": "2023-05-28T00:00:00.000Z",
        "dateUpdated": "2025-01-14T16:24:44.879Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2948 (GCVE-0-2023-2948)

    Vulnerability from nvd – Published: 2023-05-28 00:00 – Updated: 2025-01-14 16:34
    VLAI
    Title
    Cross-site Scripting (XSS) - Generic in openemr/openemr
    Summary
    Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:41:03.664Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/2393e4d9-9e9f-455f-bf50-f20f77b0a64d"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2948",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T16:34:43.290882Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T16:34:53.363Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-28T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015"
            },
            {
              "url": "https://huntr.dev/bounties/2393e4d9-9e9f-455f-bf50-f20f77b0a64d"
            }
          ],
          "source": {
            "advisory": "2393e4d9-9e9f-455f-bf50-f20f77b0a64d",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Generic in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2948",
        "datePublished": "2023-05-28T00:00:00.000Z",
        "dateReserved": "2023-05-28T00:00:00.000Z",
        "dateUpdated": "2025-01-14T16:34:53.363Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2947 (GCVE-0-2023-2947)

    Vulnerability from nvd – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:45
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in openemr/openemr
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:41:03.960Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/52534def-acab-4200-a79a-89ef4ce6a0b0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/8d2d601ac40aca75bcd2c3cf193f59c8e56d8425"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2947",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T18:44:48.511162Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T18:45:05.373Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-27T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/52534def-acab-4200-a79a-89ef4ce6a0b0"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/8d2d601ac40aca75bcd2c3cf193f59c8e56d8425"
            }
          ],
          "source": {
            "advisory": "52534def-acab-4200-a79a-89ef4ce6a0b0",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2947",
        "datePublished": "2023-05-27T00:00:00.000Z",
        "dateReserved": "2023-05-27T00:00:00.000Z",
        "dateUpdated": "2025-01-14T18:45:05.373Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2946 (GCVE-0-2023-2946)

    Vulnerability from nvd – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:45
    VLAI
    Title
    Improper Access Control in openemr/openemr
    Summary
    Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:41:03.896Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/e550f4b0-945c-4886-af7f-ee0dc30b2a08"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/81832acc14207e577e76c4175967c99ae7e3d3f4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2946",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T18:45:22.206538Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T18:45:42.238Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-27T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/e550f4b0-945c-4886-af7f-ee0dc30b2a08"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/81832acc14207e577e76c4175967c99ae7e3d3f4"
            }
          ],
          "source": {
            "advisory": "e550f4b0-945c-4886-af7f-ee0dc30b2a08",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2946",
        "datePublished": "2023-05-27T00:00:00.000Z",
        "dateReserved": "2023-05-27T00:00:00.000Z",
        "dateUpdated": "2025-01-14T18:45:42.238Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2945 (GCVE-0-2023-2945)

    Vulnerability from nvd – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:28
    VLAI
    Title
    Missing Authorization in openemr/openemr
    Summary
    Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:41:03.971Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/62de71bd-333d-4593-91a5-534ef7f0c435"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/3656bc88288957d68ba040cad2e5f9dbd1b607b1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2945",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T18:28:04.617661Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T18:28:12.801Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-27T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/62de71bd-333d-4593-91a5-534ef7f0c435"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/3656bc88288957d68ba040cad2e5f9dbd1b607b1"
            }
          ],
          "source": {
            "advisory": "62de71bd-333d-4593-91a5-534ef7f0c435",
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authorization in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2945",
        "datePublished": "2023-05-27T00:00:00.000Z",
        "dateReserved": "2023-05-27T00:00:00.000Z",
        "dateUpdated": "2025-01-14T18:28:12.801Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2944 (GCVE-0-2023-2944)

    Vulnerability from nvd – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:29
    VLAI
    Title
    Improper Access Control in openemr/openemr
    Summary
    Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:41:03.960Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/0d67dcb1-acc0-4d5d-bb69-a09d1bc9fa1d"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/723ac5d78080d1b8542f47673988cd63e0389d25"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2944",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T18:29:22.372489Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T18:29:29.667Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-27T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/0d67dcb1-acc0-4d5d-bb69-a09d1bc9fa1d"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/723ac5d78080d1b8542f47673988cd63e0389d25"
            }
          ],
          "source": {
            "advisory": "0d67dcb1-acc0-4d5d-bb69-a09d1bc9fa1d",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2944",
        "datePublished": "2023-05-27T00:00:00.000Z",
        "dateReserved": "2023-05-27T00:00:00.000Z",
        "dateUpdated": "2025-01-14T18:29:29.667Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2943 (GCVE-0-2023-2943)

    Vulnerability from nvd – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:30
    VLAI
    Title
    Code Injection in openemr/openemr
    Summary
    Code Injection in GitHub repository openemr/openemr prior to 7.0.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:41:04.017Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/4190f944-dc2c-4624-9abf-31479456faa9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2943",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T18:29:51.449525Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T18:30:00.445Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Code Injection in GitHub repository openemr/openemr prior to 7.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-27T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/4190f944-dc2c-4624-9abf-31479456faa9"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9"
            }
          ],
          "source": {
            "advisory": "4190f944-dc2c-4624-9abf-31479456faa9",
            "discovery": "EXTERNAL"
          },
          "title": "Code Injection in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2943",
        "datePublished": "2023-05-27T00:00:00.000Z",
        "dateReserved": "2023-05-27T00:00:00.000Z",
        "dateUpdated": "2025-01-14T18:30:00.445Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2942 (GCVE-0-2023-2942)

    Vulnerability from nvd – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:30
    VLAI
    Title
    Improper Input Validation in openemr/openemr
    Summary
    Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:41:03.527Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/dd56e7a0-9dff-48fc-bc59-9a22d91869eb"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2942",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T18:30:24.773700Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T18:30:33.749Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-27T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9"
            },
            {
              "url": "https://huntr.dev/bounties/dd56e7a0-9dff-48fc-bc59-9a22d91869eb"
            }
          ],
          "source": {
            "advisory": "dd56e7a0-9dff-48fc-bc59-9a22d91869eb",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Input Validation in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2942",
        "datePublished": "2023-05-27T00:00:00.000Z",
        "dateReserved": "2023-05-27T00:00:00.000Z",
        "dateUpdated": "2025-01-14T18:30:33.749Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2674 (GCVE-0-2023-2674)

    Vulnerability from nvd – Published: 2023-05-12 00:00 – Updated: 2025-01-24 15:59
    VLAI
    Title
    Improper Access Control in openemr/openemr
    Summary
    Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:05.646Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/af73e913-730c-4245-88ce-26fc908d3644"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/bb4244c83a74628faafabc0598366f49863914a9"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2674",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T15:59:47.244531Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T15:59:52.352Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-12T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/af73e913-730c-4245-88ce-26fc908d3644"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/bb4244c83a74628faafabc0598366f49863914a9"
            }
          ],
          "source": {
            "advisory": "af73e913-730c-4245-88ce-26fc908d3644",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2674",
        "datePublished": "2023-05-12T00:00:00.000Z",
        "dateReserved": "2023-05-12T00:00:00.000Z",
        "dateUpdated": "2025-01-24T15:59:52.352Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2566 (GCVE-0-2023-2566)

    Vulnerability from nvd – Published: 2023-05-08 00:00 – Updated: 2025-01-29 17:10
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in openemr/openemr
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:26:09.902Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/47d6fc2a-989a-44eb-9cb7-ab4f8bd44496"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/a2adac7320dfc631b1da688c3b04f54b8240fc7b"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2566",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T17:09:57.482973Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-29T17:10:05.338Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/47d6fc2a-989a-44eb-9cb7-ab4f8bd44496"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/a2adac7320dfc631b1da688c3b04f54b8240fc7b"
            }
          ],
          "source": {
            "advisory": "47d6fc2a-989a-44eb-9cb7-ab4f8bd44496",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2566",
        "datePublished": "2023-05-08T00:00:00.000Z",
        "dateReserved": "2023-05-08T00:00:00.000Z",
        "dateUpdated": "2025-01-29T17:10:05.338Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-4733 (GCVE-0-2022-4733)

    Vulnerability from nvd – Published: 2022-12-24 00:00 – Updated: 2025-04-10 20:14
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in openemr/openemr
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.0.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:48:40.403Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/f353adfb-e5b8-43e7-957a-894670fd4ccd"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/4565d8d1eb80c6aa42cf6b1810ba0a64e0f6abde"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4733",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T15:58:52.361814Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T20:14:10.632Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.0.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-24T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/f353adfb-e5b8-43e7-957a-894670fd4ccd"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/4565d8d1eb80c6aa42cf6b1810ba0a64e0f6abde"
            }
          ],
          "source": {
            "advisory": "f353adfb-e5b8-43e7-957a-894670fd4ccd",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-4733",
        "datePublished": "2022-12-24T00:00:00.000Z",
        "dateReserved": "2022-12-24T00:00:00.000Z",
        "dateUpdated": "2025-04-10T20:14:10.632Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-4615 (GCVE-0-2022-4615)

    Vulnerability from nvd – Published: 2022-12-19 00:00 – Updated: 2025-04-14 18:03
    VLAI
    Title
    Cross-site Scripting (XSS) - Reflected in openemr/openemr
    Summary
    Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.0.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:48:38.773Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/9c66ece4-bcaa-417d-8b98-e8daff8a728b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/d5eb41697f7f1bc2c7ee5bc9bbf58684e1c8cc14"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4615",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T14:22:48.096944Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T18:03:28.838Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.0.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-19T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/9c66ece4-bcaa-417d-8b98-e8daff8a728b"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/d5eb41697f7f1bc2c7ee5bc9bbf58684e1c8cc14"
            }
          ],
          "source": {
            "advisory": "9c66ece4-bcaa-417d-8b98-e8daff8a728b",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Reflected in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-4615",
        "datePublished": "2022-12-19T00:00:00.000Z",
        "dateReserved": "2022-12-19T00:00:00.000Z",
        "dateUpdated": "2025-04-14T18:03:28.838Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-4567 (GCVE-0-2022-4567)

    Vulnerability from nvd – Published: 2022-12-17 00:00 – Updated: 2025-04-14 18:02
    VLAI
    Title
    Improper Access Control in openemr/openemr
    Summary
    Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.0.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:41:45.657Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/1ac677c4-ec0a-4788-9465-51d9b6bd8fd2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/953cb84dfd55fee9d5296668ec7fdb8bf25bcea4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4567",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T15:44:55.988613Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T18:02:23.919Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.0.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-17T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/1ac677c4-ec0a-4788-9465-51d9b6bd8fd2"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/953cb84dfd55fee9d5296668ec7fdb8bf25bcea4"
            }
          ],
          "source": {
            "advisory": "1ac677c4-ec0a-4788-9465-51d9b6bd8fd2",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-4567",
        "datePublished": "2022-12-17T00:00:00.000Z",
        "dateReserved": "2022-12-16T00:00:00.000Z",
        "dateUpdated": "2025-04-14T18:02:23.919Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0875 (GCVE-0-2024-0875)

    Vulnerability from cvelistv5 – Published: 2024-11-15 10:57 – Updated: 2024-11-15 20:54
    VLAI
    Title
    Stored XSS in openemr/openemr
    Summary
    A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.2.1 (custom)
    Create a notification for this product.
    openemr openemr Affected: 0 , < 7.0.2.1 (custom)
        cpe:2.3:a:openemr:openemr:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:openemr:openemr:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "openemr",
                "vendor": "openemr",
                "versions": [
                  {
                    "lessThan": "7.0.2.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0875",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T20:53:13.800010Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T20:54:38.603Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.2.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the \u0027inputBody\u0027 field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T10:57:25.334Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntr_ai"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/16cba0fc-748d-4ea8-9573-1f6fbe9a27c9"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/d141d2ca06fb2171a202c7302dd5d5af8539f255"
            }
          ],
          "source": {
            "advisory": "16cba0fc-748d-4ea8-9573-1f6fbe9a27c9",
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntr_ai",
        "cveId": "CVE-2024-0875",
        "datePublished": "2024-11-15T10:57:25.334Z",
        "dateReserved": "2024-01-25T04:04:29.988Z",
        "dateUpdated": "2024-11-15T20:54:38.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2950 (GCVE-0-2023-2950)

    Vulnerability from cvelistv5 – Published: 2023-05-28 00:00 – Updated: 2025-01-14 16:22
    VLAI
    Title
    Improper Authorization in openemr/openemr
    Summary
    Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:41:03.922Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/612d13cf-2ef9-44ea-b8fb-e797948a9a86"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/abee8d2606c706176818de25eb88a2d08b8f7fa4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2950",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T16:16:01.256394Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T16:22:28.716Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-28T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/612d13cf-2ef9-44ea-b8fb-e797948a9a86"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/abee8d2606c706176818de25eb88a2d08b8f7fa4"
            }
          ],
          "source": {
            "advisory": "612d13cf-2ef9-44ea-b8fb-e797948a9a86",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Authorization in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2950",
        "datePublished": "2023-05-28T00:00:00.000Z",
        "dateReserved": "2023-05-28T00:00:00.000Z",
        "dateUpdated": "2025-01-14T16:22:28.716Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2949 (GCVE-0-2023-2949)

    Vulnerability from cvelistv5 – Published: 2023-05-28 00:00 – Updated: 2025-01-14 16:24
    VLAI
    Title
    Cross-site Scripting (XSS) - Reflected in openemr/openemr
    Summary
    Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:41:04.011Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/3842486f-38b1-4150-9f78-b81d0ae580c4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2949",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T16:24:37.451315Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T16:24:44.879Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-28T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/3842486f-38b1-4150-9f78-b81d0ae580c4"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015"
            }
          ],
          "source": {
            "advisory": "3842486f-38b1-4150-9f78-b81d0ae580c4",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Reflected in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2949",
        "datePublished": "2023-05-28T00:00:00.000Z",
        "dateReserved": "2023-05-28T00:00:00.000Z",
        "dateUpdated": "2025-01-14T16:24:44.879Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2948 (GCVE-0-2023-2948)

    Vulnerability from cvelistv5 – Published: 2023-05-28 00:00 – Updated: 2025-01-14 16:34
    VLAI
    Title
    Cross-site Scripting (XSS) - Generic in openemr/openemr
    Summary
    Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:41:03.664Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/2393e4d9-9e9f-455f-bf50-f20f77b0a64d"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2948",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T16:34:43.290882Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T16:34:53.363Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-28T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://github.com/openemr/openemr/commit/af1ecf78d1342519791bda9d3079e88f7d859015"
            },
            {
              "url": "https://huntr.dev/bounties/2393e4d9-9e9f-455f-bf50-f20f77b0a64d"
            }
          ],
          "source": {
            "advisory": "2393e4d9-9e9f-455f-bf50-f20f77b0a64d",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Generic in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2948",
        "datePublished": "2023-05-28T00:00:00.000Z",
        "dateReserved": "2023-05-28T00:00:00.000Z",
        "dateUpdated": "2025-01-14T16:34:53.363Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2945 (GCVE-0-2023-2945)

    Vulnerability from cvelistv5 – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:28
    VLAI
    Title
    Missing Authorization in openemr/openemr
    Summary
    Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:41:03.971Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/62de71bd-333d-4593-91a5-534ef7f0c435"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/3656bc88288957d68ba040cad2e5f9dbd1b607b1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2945",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T18:28:04.617661Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T18:28:12.801Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-27T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/62de71bd-333d-4593-91a5-534ef7f0c435"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/3656bc88288957d68ba040cad2e5f9dbd1b607b1"
            }
          ],
          "source": {
            "advisory": "62de71bd-333d-4593-91a5-534ef7f0c435",
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authorization in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2945",
        "datePublished": "2023-05-27T00:00:00.000Z",
        "dateReserved": "2023-05-27T00:00:00.000Z",
        "dateUpdated": "2025-01-14T18:28:12.801Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2947 (GCVE-0-2023-2947)

    Vulnerability from cvelistv5 – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:45
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in openemr/openemr
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:41:03.960Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/52534def-acab-4200-a79a-89ef4ce6a0b0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/8d2d601ac40aca75bcd2c3cf193f59c8e56d8425"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2947",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T18:44:48.511162Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T18:45:05.373Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-27T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/52534def-acab-4200-a79a-89ef4ce6a0b0"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/8d2d601ac40aca75bcd2c3cf193f59c8e56d8425"
            }
          ],
          "source": {
            "advisory": "52534def-acab-4200-a79a-89ef4ce6a0b0",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2947",
        "datePublished": "2023-05-27T00:00:00.000Z",
        "dateReserved": "2023-05-27T00:00:00.000Z",
        "dateUpdated": "2025-01-14T18:45:05.373Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2943 (GCVE-0-2023-2943)

    Vulnerability from cvelistv5 – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:30
    VLAI
    Title
    Code Injection in openemr/openemr
    Summary
    Code Injection in GitHub repository openemr/openemr prior to 7.0.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:41:04.017Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/4190f944-dc2c-4624-9abf-31479456faa9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2943",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T18:29:51.449525Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T18:30:00.445Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Code Injection in GitHub repository openemr/openemr prior to 7.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-27T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/4190f944-dc2c-4624-9abf-31479456faa9"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9"
            }
          ],
          "source": {
            "advisory": "4190f944-dc2c-4624-9abf-31479456faa9",
            "discovery": "EXTERNAL"
          },
          "title": "Code Injection in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2943",
        "datePublished": "2023-05-27T00:00:00.000Z",
        "dateReserved": "2023-05-27T00:00:00.000Z",
        "dateUpdated": "2025-01-14T18:30:00.445Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2946 (GCVE-0-2023-2946)

    Vulnerability from cvelistv5 – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:45
    VLAI
    Title
    Improper Access Control in openemr/openemr
    Summary
    Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:41:03.896Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/e550f4b0-945c-4886-af7f-ee0dc30b2a08"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/81832acc14207e577e76c4175967c99ae7e3d3f4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2946",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T18:45:22.206538Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T18:45:42.238Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-27T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/e550f4b0-945c-4886-af7f-ee0dc30b2a08"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/81832acc14207e577e76c4175967c99ae7e3d3f4"
            }
          ],
          "source": {
            "advisory": "e550f4b0-945c-4886-af7f-ee0dc30b2a08",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2946",
        "datePublished": "2023-05-27T00:00:00.000Z",
        "dateReserved": "2023-05-27T00:00:00.000Z",
        "dateUpdated": "2025-01-14T18:45:42.238Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2944 (GCVE-0-2023-2944)

    Vulnerability from cvelistv5 – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:29
    VLAI
    Title
    Improper Access Control in openemr/openemr
    Summary
    Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:41:03.960Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/0d67dcb1-acc0-4d5d-bb69-a09d1bc9fa1d"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/723ac5d78080d1b8542f47673988cd63e0389d25"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2944",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T18:29:22.372489Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T18:29:29.667Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-27T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/0d67dcb1-acc0-4d5d-bb69-a09d1bc9fa1d"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/723ac5d78080d1b8542f47673988cd63e0389d25"
            }
          ],
          "source": {
            "advisory": "0d67dcb1-acc0-4d5d-bb69-a09d1bc9fa1d",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2944",
        "datePublished": "2023-05-27T00:00:00.000Z",
        "dateReserved": "2023-05-27T00:00:00.000Z",
        "dateUpdated": "2025-01-14T18:29:29.667Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2942 (GCVE-0-2023-2942)

    Vulnerability from cvelistv5 – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:30
    VLAI
    Title
    Improper Input Validation in openemr/openemr
    Summary
    Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:41:03.527Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/dd56e7a0-9dff-48fc-bc59-9a22d91869eb"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2942",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T18:30:24.773700Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T18:30:33.749Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-27T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9"
            },
            {
              "url": "https://huntr.dev/bounties/dd56e7a0-9dff-48fc-bc59-9a22d91869eb"
            }
          ],
          "source": {
            "advisory": "dd56e7a0-9dff-48fc-bc59-9a22d91869eb",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Input Validation in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2942",
        "datePublished": "2023-05-27T00:00:00.000Z",
        "dateReserved": "2023-05-27T00:00:00.000Z",
        "dateUpdated": "2025-01-14T18:30:33.749Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2674 (GCVE-0-2023-2674)

    Vulnerability from cvelistv5 – Published: 2023-05-12 00:00 – Updated: 2025-01-24 15:59
    VLAI
    Title
    Improper Access Control in openemr/openemr
    Summary
    Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:05.646Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/af73e913-730c-4245-88ce-26fc908d3644"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/bb4244c83a74628faafabc0598366f49863914a9"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2674",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T15:59:47.244531Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T15:59:52.352Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-12T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/af73e913-730c-4245-88ce-26fc908d3644"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/bb4244c83a74628faafabc0598366f49863914a9"
            }
          ],
          "source": {
            "advisory": "af73e913-730c-4245-88ce-26fc908d3644",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2674",
        "datePublished": "2023-05-12T00:00:00.000Z",
        "dateReserved": "2023-05-12T00:00:00.000Z",
        "dateUpdated": "2025-01-24T15:59:52.352Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2566 (GCVE-0-2023-2566)

    Vulnerability from cvelistv5 – Published: 2023-05-08 00:00 – Updated: 2025-01-29 17:10
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in openemr/openemr
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:26:09.902Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/47d6fc2a-989a-44eb-9cb7-ab4f8bd44496"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/a2adac7320dfc631b1da688c3b04f54b8240fc7b"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2566",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T17:09:57.482973Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-29T17:10:05.338Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-08T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/47d6fc2a-989a-44eb-9cb7-ab4f8bd44496"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/a2adac7320dfc631b1da688c3b04f54b8240fc7b"
            }
          ],
          "source": {
            "advisory": "47d6fc2a-989a-44eb-9cb7-ab4f8bd44496",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2566",
        "datePublished": "2023-05-08T00:00:00.000Z",
        "dateReserved": "2023-05-08T00:00:00.000Z",
        "dateUpdated": "2025-01-29T17:10:05.338Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-4733 (GCVE-0-2022-4733)

    Vulnerability from cvelistv5 – Published: 2022-12-24 00:00 – Updated: 2025-04-10 20:14
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in openemr/openemr
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.0.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:48:40.403Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/f353adfb-e5b8-43e7-957a-894670fd4ccd"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/4565d8d1eb80c6aa42cf6b1810ba0a64e0f6abde"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4733",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T15:58:52.361814Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T20:14:10.632Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.0.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-24T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/f353adfb-e5b8-43e7-957a-894670fd4ccd"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/4565d8d1eb80c6aa42cf6b1810ba0a64e0f6abde"
            }
          ],
          "source": {
            "advisory": "f353adfb-e5b8-43e7-957a-894670fd4ccd",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-4733",
        "datePublished": "2022-12-24T00:00:00.000Z",
        "dateReserved": "2022-12-24T00:00:00.000Z",
        "dateUpdated": "2025-04-10T20:14:10.632Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-4615 (GCVE-0-2022-4615)

    Vulnerability from cvelistv5 – Published: 2022-12-19 00:00 – Updated: 2025-04-14 18:03
    VLAI
    Title
    Cross-site Scripting (XSS) - Reflected in openemr/openemr
    Summary
    Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.0.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:48:38.773Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/9c66ece4-bcaa-417d-8b98-e8daff8a728b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/d5eb41697f7f1bc2c7ee5bc9bbf58684e1c8cc14"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4615",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T14:22:48.096944Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T18:03:28.838Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.0.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-19T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/9c66ece4-bcaa-417d-8b98-e8daff8a728b"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/d5eb41697f7f1bc2c7ee5bc9bbf58684e1c8cc14"
            }
          ],
          "source": {
            "advisory": "9c66ece4-bcaa-417d-8b98-e8daff8a728b",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Reflected in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-4615",
        "datePublished": "2022-12-19T00:00:00.000Z",
        "dateReserved": "2022-12-19T00:00:00.000Z",
        "dateUpdated": "2025-04-14T18:03:28.838Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-4567 (GCVE-0-2022-4567)

    Vulnerability from cvelistv5 – Published: 2022-12-17 00:00 – Updated: 2025-04-14 18:02
    VLAI
    Title
    Improper Access Control in openemr/openemr
    Summary
    Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    openemr openemr/openemr Affected: unspecified , < 7.0.0.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:41:45.657Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/1ac677c4-ec0a-4788-9465-51d9b6bd8fd2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openemr/openemr/commit/953cb84dfd55fee9d5296668ec7fdb8bf25bcea4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4567",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T15:44:55.988613Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T18:02:23.919Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openemr/openemr",
              "vendor": "openemr",
              "versions": [
                {
                  "lessThan": "7.0.0.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-17T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/1ac677c4-ec0a-4788-9465-51d9b6bd8fd2"
            },
            {
              "url": "https://github.com/openemr/openemr/commit/953cb84dfd55fee9d5296668ec7fdb8bf25bcea4"
            }
          ],
          "source": {
            "advisory": "1ac677c4-ec0a-4788-9465-51d9b6bd8fd2",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in openemr/openemr"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-4567",
        "datePublished": "2022-12-17T00:00:00.000Z",
        "dateReserved": "2022-12-16T00:00:00.000Z",
        "dateUpdated": "2025-04-14T18:02:23.919Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }