Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:openemr:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorN/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
ProductOpenemr (e53c0cd5-f180-5b2a-a46c-f820275bf478)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2021-25923 vulnerable 2026-06-08 05:30:41.715838 Details available
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account takeover.
Published: 2021-06-24T10:52:31.000Z
Updated: 2024-08-03T20:11:28.477Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-25922 vulnerable 2026-06-08 05:30:41.715317 Details available
In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly. An attacker could trick a user to click on a malicious url and execute malicious code.
Published: 2021-03-22T19:39:21.000Z
Updated: 2024-08-03T20:11:28.488Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-25921 vulnerable 2026-06-08 05:30:41.714992 Details available
In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit.
Published: 2021-03-22T19:26:23.000Z
Updated: 2025-04-30T17:35:06.072Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-25920 vulnerable 2026-06-08 05:30:41.714377 Details available
In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the victim user.
Published: 2021-03-22T19:29:54.000Z
Updated: 2025-04-30T17:35:01.031Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-25919 vulnerable 2026-06-08 05:30:41.713846 Details available
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.
Published: 2021-03-22T19:22:49.000Z
Updated: 2025-04-30T17:35:12.194Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-25918 vulnerable 2026-06-08 05:30:41.713268 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-25917 vulnerable 2026-06-08 05:30:41.711896 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-13569 vulnerable 2026-06-08 05:18:00.804915 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-3968 vulnerable 2026-06-08 05:13:56.570254 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-3967 vulnerable 2026-06-08 05:13:56.569972 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-3966 vulnerable 2026-06-08 05:13:56.569711 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-3965 vulnerable 2026-06-08 05:13:56.569428 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-3964 vulnerable 2026-06-08 05:13:56.569011 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-3963 vulnerable 2026-06-08 05:13:56.567951 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.