Filtered by vendor Openmrs
Subscribe
Search
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5728 | 1 Openmrs | 1 Openmrs | 2021-07-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). There is insufficient validation for this parameter, which allows for the possibility of cross-site scripting. | |||||
| CVE-2020-5729 | 1 Openmrs | 1 Openmrs | 2020-04-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. Any page that is able to trigger a UI Framework Error is susceptible to this issue. | |||||
| CVE-2020-5732 | 1 Openmrs | 1 Openmrs | 2020-04-23 | 5.8 MEDIUM | 6.1 MEDIUM |
| In OpenMRS 2.9 and prior, he import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows unauthenticated users to use a feature typically restricted to administrators. | |||||
| CVE-2020-5733 | 1 Openmrs | 1 Openmrs | 2020-04-23 | 5.8 MEDIUM | 6.1 MEDIUM |
| In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows the export of potentially sensitive information. | |||||
| CVE-2020-5730 | 1 Openmrs | 1 Openmrs | 2020-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting. | |||||
| CVE-2020-5731 | 1 Openmrs | 1 Openmrs | 2020-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting. | |||||