Product
openmrs
30 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-40076
<= 2.7.8
OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through

CVE-2026-40075
<= 2.7.8
OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through

CVE-2025-25929
all versions
A reflected cross-site scripting (XSS) vulnerability in the component /legacyui/quickReportServlet of Openmrs 2.4.3 Build 0ff0ed a

CVE-2025-25928
all versions
A Cross-Site Request Forgery (CSRF) in the component /admin/users/user.form of Openmrs 2.4.3 Build 0ff0ed allows attackers to exec

CVE-2025-25927
all versions
A Cross-Site Request Forgery (CSRF) in Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted G

CVE-2025-25925
all versions
A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or H

CVE-2021-4292
< 1.5.0
A vulnerability was found in OpenMRS Admin UI Module up to 1.4.x. It has been rated as problematic. This issue affects some unknow

CVE-2021-4291
< 1.6.0
A vulnerability was found in OpenMRS Admin UI Module up to 1.5.x. It has been declared as problematic. This vulnerability affects

CVE-2020-36636
< 1.5.0
A vulnerability classified as problematic has been found in OpenMRS Admin UI Module up to 1.4.x. Affected is the function sendErro

CVE-2020-36635
< 1.13.0
A vulnerability was found in OpenMRS Appointment Scheduling Module up to 1.12.x. It has been classified as problematic. This affec

CVE-2022-4727
< 1.17.0
A vulnerability, which was classified as problematic, was found in OpenMRS Appointment Scheduling Module up to 1.16.x. This affect

CVE-2021-4289
< 2.12.0
A vulnerability classified as problematic was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. Affected by this

CVE-2021-4288
< 2.12.0
A vulnerability was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. It has been rated as problematic. This issu

CVE-2021-4284
< 2.0.0
A vulnerability classified as problematic has been found in OpenMRS HTML Form Entry UI Framework Integration Module up to 1.x. Thi

CVE-2021-43094
<= 2.4.0
An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <

CVE-2022-23612
>= 1.6 and < 2.1.5
OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system

CVE-2020-24621
< 3.11.0
A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for Ope

CVE-2020-5733
<= 2.9.0
In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an

CVE-2020-5732
<= 2.9.0
In OpenMRS 2.9 and prior, the import functionality of the Data Exchange Module does not properly redirect to a login page when an u

CVE-2020-5731
<= 2.9.0
In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting.

CVE-2020-5730
<= 2.9.0
In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting.

CVE-2020-5729
<= 2.9.0
In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can resul

CVE-2020-5728
<= 2.9.0
OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login

CVE-2017-12795
all versions
OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation).

CVE-2018-19276
>= 1.12.0 and < 1.12.1
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execu

CVE-2018-16521
all versions
An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0.

CVE-2017-12796
< 2.6.1
The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does no

CVE-2014-8073
all versions
Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the authentica

CVE-2014-8072
all versions
The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct r

CVE-2014-8071
all versions
Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary w