Skip to main content

Openmrs

12 CVEs product

Monthly

CVE-2025-25925 MEDIUM POC This Month

A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm.form. [CVSS 4.8 MEDIUM]

XSS Openmrs
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2022-23612 HIGH POC PATCH This Week

OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Tomcat Path Traversal Openmrs
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-5733 MEDIUM POC This Month

In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Open Redirect Openmrs
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-5732 MEDIUM POC This Month

In OpenMRS 2.9 and prior, he import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Open Redirect Openmrs
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-5731 MEDIUM POC This Month

In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openmrs
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-5730 MEDIUM POC This Month

In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openmrs
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-5729 MEDIUM POC This Month

In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openmrs
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-5728 MEDIUM POC This Month

OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openmrs
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2017-12796 CRITICAL POC Act Now

The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Openmrs
NVD
CVSS 3.0
9.8
EPSS
5.7%
CVE-2014-8073 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the authentication of administrators for requests that add a new user via a Save. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Openmrs
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-8072 MEDIUM POC This Month

The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Openmrs
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-8071 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Openmrs
NVD
CVSS 2.0
4.3
EPSS
0.3%
EPSS 0% CVSS 4.8
MEDIUM POC This Month

A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm.form. [CVSS 4.8 MEDIUM]

XSS Openmrs
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Tomcat Path Traversal Openmrs
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Open Redirect Openmrs
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

In OpenMRS 2.9 and prior, he import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Open Redirect Openmrs
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openmrs
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openmrs
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openmrs
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openmrs
NVD
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Openmrs
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the authentication of administrators for requests that add a new user via a Save. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Openmrs
NVD
EPSS 0% CVSS 4.0
MEDIUM POC This Month

The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Openmrs
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Openmrs
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy