📦 Openmrs

This SQL injection vulnerability in OpenMRS allows attackers to execute arbitrary SQL commands via GET request parameters on the patient.page endpoint. It affects OpenMRS Reference Application Standal...

This CSRF vulnerability in OpenMRS 2.4.3 allows attackers to perform unauthorized administrative actions by tricking authenticated users into submitting malicious requests. Attackers can elevate low-p...

CVE-2022-23612 is a path traversal vulnerability in OpenMRS that allows attackers to exfiltrate arbitrary files from the server. The vulnerability affects OpenMRS versions before 2.1.5, 2.2.1, 2.3.5, ...

This reflected cross-site scripting (XSS) vulnerability in OpenMRS allows attackers to inject malicious JavaScript via the reportType parameter in the /legacyui/quickReportServlet component. When expl...

A stored cross-site scripting (XSS) vulnerability in OpenMRS v2.4.3 Build 0ff0ed allows attackers to inject malicious scripts into the personName.middleName field. When administrators view patient for...