Open Emr Openemr
By the Year
In 2026 there have been 0 vulnerabilities in Open Emr Openemr. Last year, in 2025, Openemr had 11 security vulnerabilities published. Right now, Openemr is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 11 | 6.30 |
| 2024 | 3 | 4.80 |
| 2023 | 14 | 6.55 |
| 2022 | 29 | 6.22 |
| 2021 | 25 | 6.90 |
| 2020 | 0 | 0.00 |
| 2019 | 19 | 7.23 |
| 2018 | 26 | 6.90 |
It may take a day or so for new Openemr vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Open Emr Openemr Security Vulnerabilities
OpenEMR 4.1.1 Patch 14: Authenticated SQLi + Unrestricted File Upload RCE
CVE-2013-10044
- August 01, 2025
An authenticated SQL injection vulnerability exists in OpenEMR 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file upload flaw to achieve remote code execution, resulting in full compromise of the application and its host system.
SQL Injection
OpenEMR <=7.0.3.4 Stored XSS via Patient Name Fields
CVE-2025-32794
- May 23, 2025
OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in the First and Last Name fields during patient registration. This code is later executed when viewing the patient's encounter under Orders → Procedure Orders. Version 7.0.3.4 contains a patch for the issue.
OpenEMR 7.0.3.4 Client Log Viewer: Missing Password Change Audit
CVE-2025-32967
- May 23, 2025
OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrators from auditing critical actions. This weakens traceability and opens the system to undetectable misuse by insiders or attackers. Version 7.0.3.4 contains a patch for the issue.
Insufficient Logging
OpenEMR <7.0.3.4 XSS via Address Fields
CVE-2025-43860
7.6 - High
- May 23, 2025
OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in the (1) Text Box fields of Address, Address Line 2, Postal Code and City fields and (2) Drop Down menu options of Address Use, State and Country of the Additional Addresses section of the Contact tab in Patient Demographics. The injected script can execute in two scenarios: (1) dynamically during form input, and (2) when the form data is later loaded for editing. Version 7.0.3.4 contains a patch for the issue.
XSS
SQL Injection in OpenEMR 7.0.2 Pharmacy module
CVE-2024-22611
- April 03, 2025
OpenEMR 7.0.2 is vulnerable to SQL Injection via \openemr\library\classes\Pharmacy.class.php, \controllers\C_Pharmacy.class.php and \openemr\controller.php.
OpenEMR <=7.0.3.1 XSS via EXIF title in Patient Image
CVE-2025-31121
5.4 - Medium
- April 01, 2025
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 7.0.3.1, the Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. This vulnerability is fixed in 7.0.3.1.
XSS
OpenEMR 7.0.3.1: OOB SSRF Vulnerability Fixed
CVE-2025-31117
7.5 - High
- March 31, 2025
OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauthorized requests to external or internal resources. This attack does not return a direct response but can be exploited through DNS or HTTP interactions to exfiltrate sensitive information. This vulnerability is fixed in 7.0.3.1.
SSRF
OpenEMR 7.0.3 Reflected XSS in CAMOS new.php via hidden_subcategory
CVE-2025-29772
6.1 - Medium
- March 31, 2025
OpenEMR is a free and open source electronic health records and medical practice management application. The POST parameter hidden_subcategory is output to the page without being properly processed. This leads to a reflected cross-site scripting (XSS) vulnerability in CAMOS new.php. This vulnerability is fixed in 7.0.3.
XSS
OpenEMR 7.0 XSS in Bronchitis form comp., fixed in 7.0.3
CVE-2025-30161
5.4 - Medium
- March 31, 2025
OpenEMR is a free and open source electronic health records and medical practice management application. A stored XSS vulnerability in the Bronchitis form component of OpenEMR allows anyone who is able to edit a bronchitis form to steal credentials from administrators. This vulnerability is fixed in 7.0.3.
Basic XSS
OpenEMR 7.0.3 AJAX XSS via target param in layout_listitems_ajax.php
CVE-2025-30149
4.6 - Medium
- March 31, 2025
OpenEMR is a free and open source electronic health records and medical practice management application. OpenEMR allows reflected cross-site scripting (XSS) in the AJAX Script interface\super\layout_listitems_ajax.php via the target parameter. This vulnerability is fixed in 7.0.3.
XSS
OpenEMR <=7.3.0 Directory Traversal via Load Code
CVE-2025-29789
7.5 - High
- March 25, 2025
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue.
Directory traversal
OpenEMR 7.0.1 XSS in Secure Messaging 'inputBody', fixed 7.0.2.1
CVE-2024-0875
4.8 - Medium
- November 15, 2024
A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1.
XSS
OpenEMR 7.0.2 Priv Esc via crafted POST noteid
CVE-2024-37734
- June 26, 2024
An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges via a crafted POST request using the noteid parameter.
OpenEMR <7.0.2 Remote Privilege Escalation via formid in ereq_form.php
CVE-2024-26476
- February 28, 2024
An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component.
OpenEMR XSS before 7.0.1: Cross-Site Scripting Vulnerability
CVE-2023-2948
6.1 - Medium
- May 28, 2023
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.
XSS
OpenEMR <7.0.1 Reflected XSS in Input Field (openemr/openemr)
CVE-2023-2949
6.1 - Medium
- May 28, 2023
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.
XSS
Improper Auth in openEmr <7.0.1 (before 7.0.1)
CVE-2023-2950
8.1 - High
- May 28, 2023
Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.
AuthZ
GitHub openEMR Improper Access Control before 7.0.1
CVE-2023-2946
8.1 - High
- May 27, 2023
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
Authorization
Stored XSS in OpenEMR before 7.0.1
CVE-2023-2947
4.8 - Medium
- May 27, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
XSS
OpenEMR Input Validation Failure <=7.0.1 (User Input)
CVE-2023-2942
8.1 - High
- May 27, 2023
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.
Improper Input Validation
Code Injection in OpenEMR <7.0.1 (CVE-2023-2943)
CVE-2023-2943
8.8 - High
- May 27, 2023
Code Injection in GitHub repository openemr/openemr prior to 7.0.1.
Code Injection
openEMR Improper Access Control prior to 7.0.1
CVE-2023-2944
5.4 - Medium
- May 27, 2023
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
Authorization
Missing Auth in openEMR <=7.0.0 (CVE-2023-2945)
CVE-2023-2945
5.4 - Medium
- May 27, 2023
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.
AuthZ
OpenEMR <7.0.1 Improper Access Control in GitHub Repository
CVE-2023-2674
4.3 - Medium
- May 12, 2023
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
Authorization
OpenEMR Stored XSS before 7.0.1
CVE-2023-2566
4.8 - Medium
- May 08, 2023
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
XSS
OpenEMR <7.0.0 Reflected XSS via REQUEST_URI (eye_mag_functions.php)
CVE-2023-22972
5.4 - Medium
- February 22, 2023
A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI.
XSS
OpenEMR LFI in new.php before 7.0.0 via formname
CVE-2023-22973
8.8 - High
- February 22, 2023
A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.
Directory traversal
OpenEMR <7.0 Path Traversal in setup.php (CVE-2023-22974)
CVE-2023-22974
7.5 - High
- February 22, 2023
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.
Files or Directories Accessible to External Parties
OpenEMR Stored XSS before 7.0.0.2
CVE-2022-4733
4.8 - Medium
- December 27, 2022
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.
XSS
OpenEMR XSS Reflected Vulnerability <7.0.0.2
CVE-2022-4615
6.1 - Medium
- December 19, 2022
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
XSS
Improper Access Control OpenEMR <7.0.0.2
CVE-2022-4567
8.1 - High
- December 17, 2022
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.
Authorization
OpenEMR <7.0.0.2 Reflected XSS Vulnerability
CVE-2022-4502
6.1 - Medium
- December 15, 2022
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
XSS
XSS in OpenEMR before 7.0.0.2 (GitHub openemr/openemr)
CVE-2022-4503
6.1 - Medium
- December 15, 2022
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2.
XSS
OpenEMR Improper Input Validation before 7.0.0.2
CVE-2022-4504
7.5 - High
- December 15, 2022
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2.
Improper Input Validation
OpenEMR <7.0.0.2 Auth Bypass via User-Controlled Key
CVE-2022-4505
4.3 - Medium
- December 15, 2022
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2.
Insecure Direct Object Reference / IDOR
Unrestricted File Upload in OpenEMR <7.0.0.2 (PHP)
CVE-2022-4506
8.8 - High
- December 15, 2022
Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.
Unrestricted File Upload
Auth Bypass via User-Controlled Key in OpenEMR <7.0.0.1
CVE-2022-2824
5.4 - Medium
- August 15, 2022
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.
Insecure Direct Object Reference / IDOR
OpenEMR <=7.0.0.1 Improper Restriction of Rendered UI Layers (CVE-2022-2734)
CVE-2022-2734
5.4 - Medium
- August 09, 2022
Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.
Clickjacking
OpenEMR <=7.0.0.1 DOM XSS via openemr/openemr GitHub repo
CVE-2022-2729
5.4 - Medium
- August 09, 2022
Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.
XSS
OpenEMR <7.0.0.1 Auth Bypass via User-Controlled Key
CVE-2022-2730
6.5 - Medium
- August 09, 2022
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.
Insecure Direct Object Reference / IDOR
OpenEMR Reflected XSS (pre-7.0.0.1)
CVE-2022-2731
6.1 - Medium
- August 09, 2022
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
XSS
Missing Auth in OpenEMR <7.0.0.1 RCE
CVE-2022-2732
8.3 - High
- August 09, 2022
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.
AuthZ
openEMR Reflected XSS before 7.0.0.1
CVE-2022-2733
6.1 - Medium
- August 09, 2022
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
XSS
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.
CVE-2022-2494
5.4 - Medium
- July 22, 2022
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.
XSS
Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.
CVE-2022-2493
8.1 - High
- July 22, 2022
Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1.
CVE-2022-1461
6.5 - Medium
- April 25, 2022
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1.
Insecure Direct Object Reference / IDOR
Non-Privilege User Can View Patients Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1.
CVE-2022-1459
8.3 - High
- April 25, 2022
Non-Privilege User Can View Patients Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1.
Insecure Direct Object Reference / IDOR
Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1.
CVE-2022-1458
5.4 - Medium
- April 25, 2022
Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1.
XSS
Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7
CVE-2020-13567
9.8 - Critical
- April 18, 2022
Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.
SQL Injection
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
CVE-2022-1178
5.4 - Medium
- March 30, 2022
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
XSS