Approved changes feed: RSS · Atom
cpe:2.3:a:n/a:openemr:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Openemr (e53c0cd5-f180-5b2a-a46c-f820275bf478) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-25923 |
vulnerable | 2026-06-08 05:30:41.715838 |
Details available
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account takeover.
Published: 2021-06-24T10:52:31.000Z
Updated: 2024-08-03T20:11:28.477Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25922 |
vulnerable | 2026-06-08 05:30:41.715317 |
Details available
In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly. An attacker could trick a user to click on a malicious url and execute malicious code.
Published: 2021-03-22T19:39:21.000Z
Updated: 2024-08-03T20:11:28.488Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25921 |
vulnerable | 2026-06-08 05:30:41.714992 |
Details available
In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit.
Published: 2021-03-22T19:26:23.000Z
Updated: 2025-04-30T17:35:06.072Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25920 |
vulnerable | 2026-06-08 05:30:41.714377 |
Details available
In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the victim user.
Published: 2021-03-22T19:29:54.000Z
Updated: 2025-04-30T17:35:01.031Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25919 |
vulnerable | 2026-06-08 05:30:41.713846 |
Details available
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.
Published: 2021-03-22T19:22:49.000Z
Updated: 2025-04-30T17:35:12.194Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25918 |
vulnerable | 2026-06-08 05:30:41.713268 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25917 |
vulnerable | 2026-06-08 05:30:41.711896 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-13569 |
vulnerable | 2026-06-08 05:18:00.804915 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-3968 |
vulnerable | 2026-06-08 05:13:56.570254 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-3967 |
vulnerable | 2026-06-08 05:13:56.569972 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-3966 |
vulnerable | 2026-06-08 05:13:56.569711 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-3965 |
vulnerable | 2026-06-08 05:13:56.569428 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-3964 |
vulnerable | 2026-06-08 05:13:56.569011 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-3963 |
vulnerable | 2026-06-08 05:13:56.567951 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.