Filtered by vendor Librehealth
Subscribe
Search
Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31497 | 1 Librehealth | 1 Librehealth Ehr | 2022-06-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS. | |||||
| CVE-2022-31494 | 1 Librehealth | 1 Librehealth Ehr | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS. | |||||
| CVE-2022-31493 | 1 Librehealth | 1 Librehealth Ehr | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. | |||||
| CVE-2022-31492 | 1 Librehealth | 1 Librehealth Ehr | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username. | |||||
| CVE-2022-31495 | 1 Librehealth | 1 Librehealth Ehr | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS. | |||||
| CVE-2022-31498 | 1 Librehealth | 1 Librehealth Ehr | 2022-06-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS. | |||||
| CVE-2022-29939 | 1 Librehealth | 1 Librehealth Ehr | 2022-05-12 | 3.5 LOW | 5.4 MEDIUM |
| In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities. | |||||
| CVE-2022-29940 | 1 Librehealth | 1 Librehealth Ehr | 2022-05-12 | 3.5 LOW | 5.4 MEDIUM |
| In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities. | |||||
| CVE-2020-11437 | 1 Librehealth | 1 Librehealth Ehr | 2020-07-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database. | |||||
| CVE-2018-1000645 | 1 Librehealth | 1 Librehealth Ehr | 2018-10-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled variable in import templates function. | |||||